skills/smithery/ai/adguard-home/Gen Agent Trust Hub

adguard-home

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONNO_CODE
Full Analysis
  • Privilege Escalation (HIGH): The skill explicitly instructs the agent to use sudo via SSH for service management (systemctl), log retrieval (journalctl), and software updates. Granting an agent the ability to execute privileged commands on a network-critical server presents a significant security risk.
  • Indirect Prompt Injection (HIGH): (1) Ingestion points: The skill reads untrusted data from DNS query logs (/control/querylog) and external blocklist URLs. (2) Boundary markers: No delimiters or sanitization logic are defined in the instructions to prevent the agent from interpreting log entries as instructions. (3) Capability inventory: The skill has extensive 'write' and 'execute' capabilities, including modifying DNS rewrites, adding filtering rules, and executing shell commands. (4) Sanitization: None present.
  • Unverifiable Logic (MEDIUM): The primary functional component, scripts/adguard_api.py, is missing from the skill package. This prevents auditing of how credentials are handled and whether any hidden exfiltration logic exists.
  • Credential Exposure (MEDIUM): Instructions require users to store ADGUARD_PASS and SSH credentials in environment variables. If the agent's environment is not strictly isolated, these secrets are at risk of exposure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:58 AM
Security Audit — agent-trust-hub — adguard-home