snapshot
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides templates for highly destructive operations, including
lvremove,btrfs subvolume delete,zfs destroy, and cloud-based snapshot deletion viaawsandaliyunCLIs. These allow for the irreversible removal of data backups. - [PRIVILEGE_ESCALATION] (HIGH): Nearly all operations documented (LVM management, mounting/unmounting filesystems, subvolume manipulation, and systemd service control) require root or sudo privileges. An agent using this skill would require extensive system permissions, increasing the potential blast radius of a compromise.
- [INDIRECT_PROMPT_INJECTION] (LOW): Scenario 2 uses a bash pattern (
ls | xargs) to process filenames as input for deletion commands. While intended for cleanup, this pattern is vulnerable to manipulation if filenames on the disk contain malicious characters designed to break the command structure.
Recommendations
- AI detected serious security threats
Audit Metadata