ansible-generator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data from web search results and user-provided requirements to generate executable Ansible playbooks and roles.
- Ingestion points: User requirements and external documentation fetched via WebSearch or MCP tools as described in the 'Handling Custom Modules and Collections' section of SKILL.md.
- Boundary markers: The instructions do not define explicit delimiters or warnings to prevent the LLM from obeying instructions embedded within the untrusted search results.
- Capability inventory: Generated code has high capabilities, including arbitrary command execution, file system modification, and network requests via Ansible modules.
- Sanitization: No specific sanitization logic is described for the input data, though the skill mandates a validation step using 'devops-skills:ansible-validator' on the generated output.
- [COMMAND_EXECUTION]: The skill is designed to generate tasks that execute commands and shell scripts on target systems.
- Evidence: Multiple templates (e.g., assets/templates/role/tasks/main.yml) and reference guides (references/module-patterns.md) provide examples for using ansible.builtin.command and ansible.builtin.shell.
- Controls: The skill enforces security best practices, including the use of idempotency guards (creates, removes) and appropriate task naming to ensure transparency.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of external Ansible collections and roles.
- Evidence: The assets/templates/project/requirements.yml file provides templates for fetching dependencies from well-known services like Ansible Galaxy and GitHub.
- Context: These references target established repositories and are a standard part of the Ansible ecosystem.
- [CREDENTIALS_UNSAFE]: Templates provided within the skill reference sensitive system paths commonly associated with credentials.
- Evidence: assets/templates/inventory/group_vars/all.yml includes a default reference to ~/.ssh/id_rsa, and various role templates include placeholders for SSL private keys.
- Context: These are used as configuration placeholders for the user's local environment rather than being hardcoded secrets or unauthorized access attempts by the skill itself.