ansible-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill provides patterns for executing ansible-playbook with become: true, which allows for privileged command execution (root access) on target systems. While standard for Ansible, this capability represents a significant security risk if the input is untrusted.
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection. It processes external Ansible playbook files (.yml) and configuration files (.ansible-lint) which could contain malicious instructions designed to subvert the agent's logic or exploit its execution environment.
    • Ingestion points: Playbook files and lint configurations stored in the ansible/ directory.
    • Boundary markers: Absent; the skill does not use delimiters or instructions to prevent the agent from obeying commands embedded within the data files.
    • Capability inventory: Full system command execution via uv run ansible-playbook and ansible-lint, including privileged operations on targets.
    • Sanitization: No sanitization or validation of the YAML content is specified before execution or linting.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The GitHub Actions documentation includes an unversioned installation of the uv tool via pip install uv. This practice can expose the environment to supply chain attacks if the package registry is compromised or if malicious versions are published.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:54 AM