sysadmin-toolbox
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains hundreds of practical shell one-liners for system administration, networking, and security auditing (e.g., 'rm -rf', 'chmod 777', 'tcpdump', and 'nc' shells). While intended for reference, these represent a high-privilege command set that the agent might be persuaded to execute.
- [EXTERNAL_DOWNLOADS]: A maintenance script ('scripts/refresh.sh') is included that performs a 'git clone' from a non-vendor GitHub repository ('trimstray/the-book-of-secret-knowledge') to update the skill's local references.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it dynamically ingests content from an external third-party repository. There are no boundary markers or sanitization steps to prevent malicious instructions in the upstream repository from influencing the agent's behavior when these references are loaded.