Ansible Playbook Runner
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to invoke the ansible-playbook CLI to perform infrastructure automation tasks.
- [EXTERNAL_DOWNLOADS]: Skill installation is facilitated via npx and clawhub, which download components from the vendor's (agentskillexchange) infrastructure.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external, potentially untrusted data in the form of Ansible playbooks and inventory configurations.
- Ingestion points: Processes .yml playbooks and inventory files as described in SKILL.md.
- Boundary markers: No specific delimiters or safety instructions are defined in the skill documentation to isolate instructions within playbooks from the agent context.
- Capability inventory: The skill utilizes ansible-playbook, which has extensive capabilities including file system modification and remote command execution via SSH across ALL operations.
- Sanitization: No evidence of input validation or sanitization for the playbook content or inventory variables is provided in the documentation.
Audit Metadata