Skills
skills/ccostan/home-assistantconfig/infrastructure-doc-sync/Gen Agent Trust Hub

infrastructure-doc-sync

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform administrative actions on a remote host using SSH. Specifically, it provides a command to reload a Docker service: ssh hass@192.168.10.17 "cd ~/docker_files && docker compose up -d dashy".
  • [DATA_EXFILTRATION]: The instructions expose sensitive internal infrastructure details, including private IP addresses (192.168.10.17) and specific internal file paths on remote hosts (e.g., docker_69:/home/hass/docker_files/infra_info/data/overview.json and h:\hass\docker_files\dashy/conf.yml). While used for documentation syncing, this information is highly specific to the internal network topology.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because its primary workflow involves ingesting untrusted runtime data from external hosts.
  • Ingestion points: Step 1 of the workflow in SKILL.md requires collecting "current runtime truth from hosts (containers, network mode, ports, and workload role)".
  • Boundary markers: None identified; instructions do not specify delimiters or warnings to ignore instructions embedded in the runtime data.
  • Capability inventory: The skill has the capability to execute shell commands via SSH (SKILL.md) and modify system/application configuration files (dashy/conf.yml, overview.json).
  • Sanitization: No validation or sanitization steps are defined for the data collected from hosts before it is used to update documentation or configuration files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 05:48 PM