Skills
skills/badsectorlabs/ludus-skills/troubleshooting/Gen Agent Trust Hub

troubleshooting

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions facilitate the retrieval of administrative credentials by reading the root API key from /opt/ludus/install/root-api-key.
  • [COMMAND_EXECUTION]: The troubleshooting guide includes several high-risk commands and scripts:
  • Destructive file operations including recursive deletion (rm -rf /opt/ludus) and automated deletion via find with the -delete flag.
  • System-level configuration changes involving systemctl, iptables, ifup, and update-ca-certificates.
  • Execution within a modified root environment via chroot for GRUB repair procedures.
  • [EXTERNAL_DOWNLOADS]: The skill references and instructs the user to download assets from the vendor's GitLab repository (gitlab.com/badsectorlabs/ludus.git) and official documentation domains (docs.ludus.cloud).
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data sources which could lead to command manipulation.
  • Ingestion points: Analyzes deployment logs, error messages, and range configurations provided by the user or system.
  • Boundary markers: None identified in the provided instructions to separate data from commands.
  • Capability inventory: Extensive shell execution capabilities including system service control, firewall modification, and file system management across multiple scripts.
  • Sanitization: There is no evidence of sanitization or filtering applied to the ingested log or error data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 16, 2026, 07:36 AM