linux-systemd
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to run all commands with elevated privileges using sudo or as root, which constitutes high-severity privilege escalation.
- [COMMAND_EXECUTION]: It provides instructions for creating, editing, and managing systemd unit files within protected directories such as /etc/systemd/system/, enabling the establishment of persistent services that survive system reboots.
- [DATA_EXFILTRATION]: The skill utilizes journalctl to access system logs, which can contain sensitive information, including user data, application credentials, and system state details.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection: it ingests untrusted data from system logs (journalctl) and processes it without specified boundary markers or sanitization, while holding high-privilege capabilities to modify the system configuration.
Recommendations
- AI detected serious security threats
Audit Metadata