ansible-proxmox
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by interpolating user-controlled variables directly into Ansible tasks and shell commands without explicit sanitization.
  - Ingestion points: User-defined variables such as `vm_name`, `cluster_name`, and `ceph_network` in `SKILL.md` and reference files.
  - Boundary markers: Absent; variables are interpolated directly into command strings (e.g., `pvecm create {{ cluster_name }}`).
  - Capability inventory: The skill utilizes `ansible.builtin.command`, `ansible.builtin.shell`, and privileged Proxmox modules with root-level access to the virtualization infrastructure.
  - Sanitization: No input validation or escaping logic is implemented for the provided variables.
- [COMMAND_EXECUTION]: The skill provides numerous examples of executing system-level commands (e.g., `pvecm`, `pveceph`, `wipefs`, `ip link`) to manage Proxmox clusters and storage. While these are necessary for the skill's primary purpose, they require high privileges (root/sudo).
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `community.proxmox` collection from Ansible Galaxy using `ansible-galaxy`. This is a standard operation targeting a well-known, trusted repository.
- [SAFE]: Sensitive information such as API tokens and passwords is managed securely using the `infisical` lookup plugin and the `no_log: true` parameter, preventing credential exposure in execution logs.