infrastructure-health-check
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands and bash scripts to monitor service health.
- Evidence: 'SKILL.md' and 'scripts/health-check.sh' invoke 'docker', 'openssl', and 'dig' to check container status, certificates, and DNS records.
- [DATA_EXFILTRATION]: The skill reads local configuration files containing sensitive credentials to authenticate with external services.
- Evidence: 'scripts/health-check.sh' reads '/home/dawiddutoit/projects/network/.env' to obtain the 'CLOUDFLARE_ACCESS_API_TOKEN', which is then used in API requests.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to external service providers.
- Evidence: 'scripts/health-check.sh' uses 'curl' to communicate with 'api.cloudflare.com'. This interaction targets a well-known service and is necessary for the skill's primary functionality.
- [PROMPT_INJECTION]: The skill processes potentially untrusted data from command outputs and API responses.
- Ingestion points: 'docker logs', HTTP headers from 'curl', and JSON data from the Cloudflare API in 'scripts/health-check.sh'.
- Boundary markers: Not present; the skill parses raw output using 'grep' and 'python3'.
- Capability inventory: The agent has access to 'Bash', 'Read', and 'Grep' tools, allowing it to execute local commands and read files.
- Sanitization: The skill uses 'python3 -c' to parse structured JSON, but relies on 'grep' for unstructured log data.
Audit Metadata