superise-bootstrap

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Pulls and executes an external container image superise/agent-wallet:latest from Docker Hub, which represents the execution of third-party remote code.
  • [COMMAND_EXECUTION]: Uses docker exec to run dynamically constructed Node.js scripts within the container to verify health and MCP endpoints.
  • [DATA_EXFILTRATION]: Accesses and reports sensitive information by instructing the agent to extract the initial 'Owner password' from container logs.
  • [PROMPT_INJECTION]: Surface for indirect prompt injection exists through the ingestion of unverified data from docker logs and container API responses.
  • Ingestion points: Container logs and the response body from fetch calls to local service endpoints in SKILL.md.
  • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands in the output.
  • Capability inventory: The agent can execute docker run, docker exec, and container management commands defined in SKILL.md.
  • Sanitization: No sanitization or validation is applied to the data retrieved from the container before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 06:10 AM