ssh-remote-connection

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill's configuration pattern (config/.env.example) and the script (scripts/connect.sh) facilitate storing SSH private key passphrases in plaintext via the SSH_KEY_PASSWORD variable. This exposes sensitive credentials to any user or process with read access to the environment or the configuration file.
  • DATA_EXFILTRATION (HIGH): The use of the '-A' flag in the ssh command enables SSH Agent Forwarding. If the remote server is compromised or controlled by an adversary, they can use the forwarded agent to authenticate as the user on other remote systems, effectively stealing the user's identity/access rights for the duration of the connection.
  • COMMAND_EXECUTION (HIGH): The script executes arbitrary commands on a remote host using 'ssh ... "$CD_CMD $*"'. This is highly susceptible to shell command injection. If the AI agent is manipulated via indirect prompt injection to pass malicious strings, it can lead to unauthorized execution on the remote server.
  • Indirect Prompt Injection (HIGH): This skill has a high attack surface for indirect prompt injection. It ingests untrusted data from a remote server (e.g., Docker logs, file contents) and possesses high-privilege capabilities (arbitrary command execution). A compromised server could output malicious instructions that influence the agent's next steps without sufficient boundary markers or sanitization.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:27 AM