elk-stack
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- Privilege Escalation (HIGH): Host Control via Docker Socket. The Filebeat service is configured to run as 'root' and mounts the host's Docker socket ('/var/run/docker.sock'). This allows the container to interact directly with the host's Docker daemon, which can be exploited for container escape and full host compromise.
- Data Exposure & Exfiltration (HIGH): Unauthenticated Data Access. The Elasticsearch configuration explicitly sets 'xpack.security.enabled=false', which disables all security features including authentication and authorization. This allows any user with network access to read, modify, or delete sensitive log data within the cluster.
- Indirect Prompt Injection (MEDIUM): Malicious Log Ingestion.
  1. Ingestion point: Logstash TCP/Beats inputs and Filebeat container log paths in SKILL.md.
  2. Boundary markers: Absent; logs are processed directly without sanitization.
  3. Capability inventory: The skill configures Watcher alerts that send data to Slack webhooks.
  4. Sanitization: Absent; content is parsed into structured fields but not validated.

  Risk: Maliciously crafted log entries could trigger false alerts or influence decision-making if log outputs feed into higher-privilege automation.
Recommendations
- AI detected serious security threats