data-replication-setup
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill contains hardcoded passwords in SQL and bash templates (e.g., 'secure_password', 'replication_password'). Although intended as placeholders, using hardcoded credentials in instructions increases the risk of them being deployed in production environments.
- [COMMAND_EXECUTION] (HIGH): The skill requires the use of 'sudo' to manage system services (e.g., 'sudo systemctl stop postgresql'). Executing commands with elevated privileges poses a significant risk of privilege escalation and unauthorized system modification if the agent is compromised or misled.
- [COMMAND_EXECUTION] (MEDIUM): The skill includes instructions for powerful filesystem and process operations such as 'pg_basebackup' and 'pg_ctl promote', which can significantly alter the host's data and service availability.
- [Indirect Prompt Injection] (HIGH): This skill is highly susceptible to indirect prompt injection because it defines command templates meant to be filled with external data.
- Ingestion points: Variable placeholders like 'primary_ip', 'standby_ip', 'replication_user', and 'dbname' in SKILL.md.
- Boundary markers: None identified in the provided templates.
- Capability inventory: Shell execution (systemctl, pg_basebackup, pg_ctl, touch) and SQL execution via database clients.
- Sanitization: No evidence of input validation or sanitization is present in the instruction set, allowing an attacker to potentially inject malicious flags or commands via the placeholder values.
Recommendations
- AI detected serious security threats
Audit Metadata