hashicorp-vault
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill grants the agent the ability to interact with sensitive secrets management systems. This creates a significant attack surface for indirect prompt injection if the agent processes untrusted external content as part of its Vault operations.
  - Ingestion points: Secret values, configuration parameters, and storage paths provided during runtime (e.g., in `SKILL.md` under the KV and Database sections).
  - Boundary markers: None are defined in the instructions to help the agent distinguish between data to be stored and instructions to be followed.
  - Capability inventory: High-privilege CLI commands (`vault write`, `vault kv put`) and library calls (`hvac`) allowing for full management of Vault engines (KV, AWS, Database, PKI).
  - Sanitization: No input validation or escaping logic is provided in the Python or CLI snippets.
- [Command Execution] (MEDIUM): The skill relies extensively on executing local shell commands to manage critical security infrastructure, which poses a significant risk if the command arguments are derived from unsanitized user input.
Recommendations
- AI detected serious security threats
Audit Metadata