managing-configuration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The dynamic inventory configuration in 'examples/inventory/dynamic-aws/aws_ec2.yml' specifically targets AWS credentials stored in the user's home directory (~/.aws/credentials). Access to such files is a primary target for credential exfiltration.
- [COMMAND_EXECUTION] (HIGH): Playbooks such as 'multi-tier-app.yml' and 'simple-webserver.yml' use 'become: yes' to execute tasks with elevated root authority. This capability allows the agent to perform arbitrary system modifications, including installing software and reconfiguring network services.
- [EXTERNAL_DOWNLOADS] (LOW): The migration guide and inventory files recommend using 'ansible-galaxy' and 'ansible-pull' to download and execute code from remote repositories. This creates a dependency on external sources and poses a supply-chain risk if the repositories are not strictly controlled.
Recommendations
- AI detected serious security threats
Audit Metadata