skills/zhinkgit/embeddedskills/ssh/Gen Agent Trust Hub

ssh

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of remote commands on specified SSH hosts. Evidence: scripts/ssh_exec.py passes a command string provided by the agent to subprocess.run to be executed via ssh on the target machine.\n- [CREDENTIALS_UNSAFE]: The skill manages and modifies the user's SSH configuration file, which contains sensitive connection metadata. Evidence: scripts/ssh_config.py provides functionality to read, parse, and append new host entries to ~/.ssh/config.\n- [DATA_EXFILTRATION]: The skill includes file transfer capabilities that could be used to move sensitive data to external servers. Evidence: scripts/ssh_transfer.py uses scp to upload and download files between the local and remote environments.\n- [PROMPT_INJECTION]: The capability to execute remote commands based on agent input creates an attack surface for indirect prompt injection. 1. Ingestion points: Command arguments and file paths passed to the scripts. 2. Boundary markers: No delimiters or warnings are used to process untrusted input strings. 3. Capability inventory: Remote command execution (ssh_exec.py), file transfer (ssh_transfer.py), and SSH configuration modification (ssh_config.py). 4. Sanitization: The implementation uses list-based subprocess calls to prevent local shell injection but does not validate the remote intent or content of the commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:07 AM
Security Audit — agent-trust-hub — ssh