review-conf
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs security reviews of Ansible configuration files (ansible.cfg). This is its primary purpose and involves identifying risks like plaintext credentials and world-readable vault files.\n- [DATA_EXFILTRATION]: The skill reads local configuration files from standard paths (e.g., ~/.ansible.cfg) and checks for credentials in fields like vault_identity_list and fact_caching_connection. Because the skill has no network capabilities and follows a read-only constraint, this exposure is restricted to the local report generated for the user.\n- [PROMPT_INJECTION]: The skill processes external data (ansible.cfg) which constitutes a surface for indirect prompt injection. 1. Ingestion points: Behavior Step 2 (reading ansible.cfg). 2. Boundary markers: None. 3. Capability inventory: Read and parse INI files via the discovery script. 4. Sanitization: None. This surface is inherent to auditing untrusted configuration files.
Audit Metadata