ssh
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of remote commands on specified SSH hosts. Evidence:
scripts/ssh_exec.pypasses a command string provided by the agent tosubprocess.runto be executed viasshon the target machine.\n- [CREDENTIALS_UNSAFE]: The skill manages and modifies the user's SSH configuration file, which contains sensitive connection metadata. Evidence:scripts/ssh_config.pyprovides functionality to read, parse, and append new host entries to~/.ssh/config.\n- [DATA_EXFILTRATION]: The skill includes file transfer capabilities that could be used to move sensitive data to external servers. Evidence:scripts/ssh_transfer.pyusesscpto upload and download files between the local and remote environments.\n- [PROMPT_INJECTION]: The capability to execute remote commands based on agent input creates an attack surface for indirect prompt injection. 1. Ingestion points: Command arguments and file paths passed to the scripts. 2. Boundary markers: No delimiters or warnings are used to process untrusted input strings. 3. Capability inventory: Remote command execution (ssh_exec.py), file transfer (ssh_transfer.py), and SSH configuration modification (ssh_config.py). 4. Sanitization: The implementation uses list-based subprocess calls to prevent local shell injection but does not validate the remote intent or content of the commands.
Audit Metadata