zitadel-identity
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill contains numerous shell command templates for deployment (`docker compose`), container management (`docker exec`), and API testing (`curl`, `grpcurl`). While these are necessary for the task, they represent a significant attack surface for command injection if the agent automates the replacement of placeholders like `<CLIENT_ID>` or `<password>` with untrusted input.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): Inherent risk surface due to the processing of external configuration data and user-provided secrets into command templates. Mandatory Evidence Chain: (1) Ingestion points: Setup parameters, secret keys, and application URIs. (2) Boundary markers: None provided in templates. (3) Capability inventory: `docker compose`, `docker exec`, `curl`, `grpcurl`. (4) Sanitization: None present; the skill provides raw command structures without escaping logic.
- [CREDENTIALS_UNSAFE] (LOW): The documentation uses placeholders for sensitive secrets (e.g., `ZITADEL_MASTERKEY`, `ZITADEL_DATABASE_POSTGRES_USER_PASSWORD`). While standard for a guide, an agent must be directed to use secure secret management instead of simple shell environment variables to mitigate exposure risk.
Audit Metadata