ssh
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill facilitates arbitrary remote command execution via `ssh user@hostname "command"`. There are no sanitization patterns for the command string, hostnames, or usernames, making it highly susceptible to command injection if integrated into an automated agent pipeline.
- [DATA_EXFILTRATION] (HIGH): The skill contains multiple instructions to read and manipulate sensitive private keys located in `~/.ssh/`. Specifically, commands like `cat ~/.ssh/id_rsa` or `ssh-add` expose high-value credentials that could be exfiltrated if the agent is compromised or subjected to a prompt injection attack.
- [PROMPT_INJECTION] (HIGH): Category 8: Indirect Prompt Injection.
  - Ingestion points: Remote command output, SSH server MOTD/banners, and user-provided host parameters.
  - Boundary markers: Absent. No delimiters are used to separate untrusted remote output from agent instructions.
  - Capability inventory: Full subprocess execution (ssh, bash), file system modification (`authorized_keys`), and network tunneling.
  - Sanitization: None. Data from remote hosts is processed as raw text.
- [CREDENTIALS_UNSAFE] (MEDIUM): Recommends the use of Agent Forwarding (`ssh -A`), which is a known security risk that allows a compromised remote server to access the user's local SSH agent. It also demonstrates manual insertion of keys into `authorized_keys` without verifying the source.
Recommendations
- AI detected serious security threats
Audit Metadata