1panel-api
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data from the server. Ingestion points: docs/SKILL-files.md (reading file contents), docs/SKILL-logs.md (system and task logs), docs/SKILL-process.md (process details). Boundary markers: Absent from documentation instructions. Capability inventory: docs/SKILL-files.md (file modification), docs/SKILL-script.md (command execution), docs/SKILL-cronjobs.md (task scheduling), docs/SKILL-backups.md (external data transfer). Sanitization: No specific sanitization or filtering logic is defined for processed data.
- [DATA_EXFILTRATION]: The skill documentation defines several endpoints for accessing sensitive server information. This includes reading arbitrary file contents (docs/SKILL-files.md), accessing database contents (docs/SKILL-databases.md), and managing system backups (docs/SKILL-backups.md) which can be sent to external storage providers.
- [COMMAND_EXECUTION]: The skill provides the ability to execute arbitrary commands and scripts on the target server through endpoints like /core/commands and /core/script (docs/SKILL-script.md). It also supports managing system cronjobs and supervisor processes (docs/SKILL-cronjobs.md, docs/SKILL-hosts.md).
Audit Metadata