Maintenance Automation

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of system commands and subprocesses to perform its functions.
    • Modifies the system's crontab for persistence and scheduling automated tasks in reference/backup-automation.md and examples/maintenance_setup_example.py.
    • Executes various CLI tools including git, pg_dump, mysqldump, pip, npm, and find for maintenance operations.
    • Uses chmod to modify file permissions on generated scripts.
  • [EXTERNAL_DOWNLOADS]: The skill manages and installs external software packages.
    • The DependencyAutomationEngine in reference/dependency-automation.md automatically installs pip-audit via pip install if it is not found on the system.
    • It performs automated updates of both Python (PyPI) and Node.js (NPM) dependencies based on configured maintenance policies.
  • [DATA_EXFILTRATION]: The skill is designed to move sensitive project data to external endpoints.
    • The BackupAutomationEngine collects source code, environment variables (.env), and database dumps, uploading them to user-configured AWS S3 buckets or local storage.
    • The orchestrator script scripts/automated_maintenance.sh sends system status and error messages to external Slack webhooks.
    • Provides functionality to email maintenance reports to an administrator-defined address.
  • [REMOTE_CODE_EXECUTION]: The skill employs dynamic script generation techniques.
    • examples/maintenance_setup_example.py contains a hardcoded Python script as a string, which it writes to the file system (scripts/maintenance_automation.py) and subsequently makes executable and runs.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8).
    • Ingestion points: Reads and parses untrusted external data from package.json, requirements.txt, and the JSON output of security tools like pip-audit and npm audit.
    • Boundary markers: No explicit delimiters or instructions are used to separate ingested data from agent commands during processing.
    • Capability inventory: The skill has broad capabilities including subprocess execution, file system writes, and network uploads (S3/Slack).
    • Sanitization: The logic lacks explicit validation or sanitization of the data retrieved from external dependency files before using them in command-line arguments for updates.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 05:34 PM