btpanel
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The BtClient class in bt_common/bt_client.py disables SSL certificate verification (self._session.verify = False). This allows for Man-in-the-Middle (MITM) attacks where an attacker can intercept the administrative API tokens sent to the panel.
- [CREDENTIALS_UNSAFE]: The configuration utility scripts/bt-config.py requires the API token to be passed as a command-line argument (--token). This practice exposes secrets to the system's process list and shell history files.
- [PROMPT_INJECTION]: The skill possesses a significant indirect prompt injection surface. It ingests untrusted data from server logs and scheduled task outputs into the agent's context.
  - Ingestion points: Server log files read by scripts/logs.py, SSH logs in scripts/ssh.py, and crontab logs in scripts/crontab.py.
  - Boundary markers: The skill does not use delimiters or warnings to prevent the agent from following instructions embedded in the logs.
  - Capability inventory: The library includes powerful capabilities such as remote file writing and deletion (bt_common/files_client.py), configuration management (scripts/bt-config.py), and service management (scripts/services.py).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the remote server before it is presented to the agent in scripts/logs.py or scripts/ssh.py.
- [COMMAND_EXECUTION]: The scripts/check_env.py script executes shell commands via subprocess.run to detect Python versions and executable paths. Additionally, it uses import for dynamic module loading during dependency verification.
Audit Metadata