load-balancer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The HAProxy configuration example in SKILL.md includes hardcoded default credentials (
admin:password) for the stats administrative interface. Deploying these defaults would allow unauthorized users to monitor and potentially manage the load balancer. \n - Evidence:
stats auth admin:passwordin SKILL.md.\n- [PROMPT_INJECTION] (LOW): The configuration templates for HAProxy and Nginx accept external data such as IP addresses and server names without validation or boundary markers. This creates a surface for indirect prompt injection if an agent populates these fields with malicious strings provided by a user. \n - Ingestion points: Server IP addresses and hostnames in HAProxy/Nginx templates in SKILL.md.\n
- Boundary markers: Absent.\n
- Capability inventory: High-privilege command execution (
apt,yum,systemctl) and configuration file management.\n - Sanitization: Absent.\n- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard package management and service control commands. While these require root privileges, their use is consistent with the primary purpose of the skill and no malicious command injection or redirection was detected. \n
- Evidence:
apt install haproxy,yum install haproxy, andsystemctlcommands in SKILL.md.
Recommendations
- AI detected serious security threats
Audit Metadata