emergency-ulimit-mitigation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
- [Command Execution] (HIGH): The skill performs persistent, system-wide changes to critical files like /etc/pam.d/common-session (PAM), /etc/security/limits.conf, and /etc/sysctl.conf using root privileges. Errors in PAM configuration can result in a total system lockout.
- [Command Execution] (HIGH): It executes 'docker system prune -f', a destructive command that deletes Docker containers and images without user confirmation, which is outside the core scope of ulimit adjustment.
- [Command Execution] (MEDIUM): Restarts system-critical services (docker, traefik) and enables unverified external systemd timers (fd-monitor.timer), which may lead to service downtime.
- [Indirect Prompt Injection] (LOW): The skill attempts to read a local file (~/d/AI/Prompts/Commands/fix-ulimit-exceeded.md) into a shell variable. That file could contain instructions that influence agent behavior. Evidence Chain:
  1. Ingestion points: SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Full sudo command execution, service management, and file modification across all scripts.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats