cis-benchmarks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The skill installs packages via apt and pulls the aquasec/kube-bench:latest Docker image. While these are common tools, they represent external dependencies executed with high privileges.
- Command Execution (HIGH): The skill provides commands for system-wide auditing and implies a remediation workflow that modifies system configurations (e.g., SSH settings, package installation). These actions typically require root privileges.
- Indirect Prompt Injection (HIGH):
  - Ingestion points: Audit reports from OpenSCAP (results.xml), Lynis (/tmp/lynis-report.dat), and InSpec output.
  - Boundary markers: None identified in the workflow descriptions.
  - Capability inventory: Package installation (apt install), system configuration changes (implied in remediation phase), and remote execution (inspec exec).
  - Sanitization: No explicit sanitization of scan results before they influence the 'remediate' workflow phase. A compromised system could produce malicious audit logs to trick the agent into performing unsafe remediation actions.
Recommendations
- AI detected serious security threats
Audit Metadata