Linux Production Shell Scripts
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes templates that execute high-privilege system commands such as 'sudo apt-get', 'useradd', and 'systemctl' for managing system state and services.
- [CREDENTIALS_UNSAFE]: A database backup template contains a placeholder for a password ('db_pass="password"'), which may lead to insecure storage of credentials in script files.
- [REMOTE_CODE_EXECUTION]: A template is provided to execute local scripts on remote servers using SSH ('ssh ... bash -s < ...'), which represents a significant execution capability.
- [EXTERNAL_DOWNLOADS]: Scripts use 'apt-get' to install software and 'curl' to check website uptime, involving interactions with external network resources.
- [DATA_EXFILTRATION]: The skill provides a template using 'rsync' to transfer local directory contents to remote servers, which could be used to move sensitive data out of the environment.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data through script arguments and variables (e.g., in Phase 4 and 5) without sanitization, while possessing high-impact capabilities like file deletion and remote access.
Audit Metadata