arch-scalability
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing administrative commands through several system utilities, including the AWS CLI (`aws`), Redis CLI (`redis-cli`), MySQL (`mysql`), and RabbitMQ administrator (`rabbitmqadmin`). It also suggests direct modification of the NGINX configuration file located at `/etc/nginx/nginx.conf`.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to the Cloudflare API using `curl` to manage zone settings. This interaction targets a well-known technology service and is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to the interpolation of data into executable shell commands.
  - Ingestion points: User-provided parameters such as `instance-id`, `zone-id`, `groupname`, and `REDIS_API_KEY` are interpolated into shell command templates in `SKILL.md`.
  - Boundary markers: No delimiters or specific instructions to ignore embedded commands are present in the usage patterns.
  - Capability inventory: The skill possesses high-privilege capabilities including subprocess execution (AWS, Redis, MySQL, RabbitMQ) and network access via `curl`.
  - Sanitization: There is no evidence of input validation or sanitization for parameters before they are passed to the shell.
Audit Metadata