keycloak-administration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The SKILL.md file includes instructions to download Keycloak from github.com via wget. While github.com is a standard platform, this specific organization is not on the predefined trusted list, requiring user verification of the download source.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill provides a sequence to download, extract, and execute the bin/kc.sh script. This 'download then execute' pattern is a high-risk behavior that is downgraded to MEDIUM due to its necessity for the primary purpose of the skill.
- CREDENTIALS_UNSAFE (MEDIUM): Multiple files (SKILL.md, references/integration-examples.md, references/ha-scalability.md) contain hardcoded default credentials such as 'password', 'admin', and placeholder secrets. These should never be used in production.
- COMMAND_EXECUTION (LOW): The skill provides numerous shell commands for managing Keycloak services, databases, and users. These are standard for administration but should be executed with appropriate privileges.
- INDIRECT_PROMPT_INJECTION (LOW): The skill documents configurations for ingesting untrusted data from LDAP and Identity Providers. Evidence Chain: 1. Ingestion points: LDAP sync and Identity Provider attributes (references/user-federation.md). 2. Boundary markers: Absent in configuration snippets. 3. Capability inventory: Execution of bin/kc.sh and docker commands. 4. Sanitization: Not explicitly implemented in provided examples.
Audit Metadata