sysadmin-toolbox

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The file scripts/refresh.sh clones the repository https://github.com/trimstray/the-book-of-secret-knowledge.git at runtime. Because this source is not within the defined TRUST-SCOPE, it is considered an untrusted external download.
  • PROMPT_INJECTION / Indirect (HIGH): The skill is configured to 'AUTO-CONSULT' reference files that are populated via the refresh.sh script. This creates a high-risk surface for indirect prompt injection (Category 8).
      • Ingestion points: scripts/refresh.sh fetches content from a remote Git repository and writes it to references/*.md files.
      • Boundary markers: None. The script uses awk to extract raw text blocks from the remote source and saves them directly.
      • Capability inventory: The skill contains instructions for terminal manipulation, network requests (curl), and shell one-liners that can be executed via subshells.
      • Sanitization: None. The skill assumes the remote markdown content is safe for the agent to read and follow.
  • COMMAND_EXECUTION (MEDIUM): The skill provides functional bash scripts and one-liners in references/shell-tricks.md and references/shell-oneliners.md. These include commands for TTY upgrading (stty raw -echo), network diagnostics (curl), and system inspection, which an agent might attempt to execute directly when 'auto-consulting'.
  • DATA_EXFILTRATION (LOW): The DomainResolve and GetASN functions in references/shell-tricks.md send hostnames and IP addresses to external APIs (dns.google.com and ip-api.com). This constitutes a network disclosure of metadata related to the user's infrastructure.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 09:51 PM