knowledge-base
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from a remote server with high-privilege tool access.
- Ingestion points: The agent is instructed to read various remote files, including CLAUDE.md, central indices, and categorical notes using `ssh` and `cat` commands.
- Boundary markers: There are no delimiters or safety instructions provided to help the agent distinguish between its own system prompt and instructions potentially embedded within the remote content.
- Capability inventory: The skill grants the agent the ability to execute a variety of shell commands on the remote host, including listing, reading, searching, writing, and deleting files.
- Sanitization: Content retrieved from the NAS is not sanitized or filtered before being presented to the agent for processing.
- [COMMAND_EXECUTION]: The skill relies on the dynamic construction and execution of shell commands over SSH. It uses variables for the host, port, and user, which are loaded from local configuration or environment variables.
Audit Metadata