nginx
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (MEDIUM): The skill frequently employs
sudoto perform high-privilege operations, such as installing packages viaapt, managing system services withsystemctl, and writing to protected directories like/etc/nginx/. While these actions are essential for the primary purpose of server configuration, they provide a broad attack surface if the agent is exploited. Finding evidence inSKILL.mdandscripts/ssl-setup.sh. - [External Downloads] (LOW): The skill automates the installation of
certbotand its Nginx plugins using system package managers (apt,dnf). Per [TRUST-SCOPE-RULE], these downloads from official operating system repositories are considered low risk. Finding evidence inscripts/ssl-setup.sh(line 14) andreferences/ssl.md. - [Data Exposure] (LOW): The scripts and documentation reference sensitive filesystem paths, specifically SSL private keys located at
/etc/letsencrypt/live/example.com/privkey.pem. While necessary for server configuration, access to these paths should be strictly monitored. No exfiltration behavior was detected. - [Indirect Prompt Injection] (LOW): The skill contains an ingestion surface for untrusted data which is subsequently used in file-system and command operations.
- Ingestion points: Positional parameters
$domainand$portinscripts/nginx-generator.shandscripts/ssl-setup.sh. - Boundary markers: Absent; user inputs are interpolated into configuration templates and shell commands without delimiters or warnings to ignore embedded instructions.
- Capability inventory: File writing via
cat, package installation viaapt, and configuration testing vianginx -t. - Sanitization: Absent; the scripts do not perform validation or escaping of the domain and port inputs before they are written to the filesystem.
Audit Metadata