agenix-secrets
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE COMMAND_EXECUTION CREDENTIALS_UNSAFE PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly references and utilizes the private SSH key path at `~/.ssh/id_ed25519` for decryption operations.
- [CREDENTIALS_UNSAFE]: The skill integrates with the 1Password CLI (`op`) to retrieve, create, and process login credentials, which are then piped into other commands.
- [COMMAND_EXECUTION]: The skill directs the agent to execute multiple shell commands including `age`, `jq`, `op`, `git`, and a deployment tool named `hey`.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it processes content from external files (`secrets.nix`, `.age` files) and interpolates that data into shell commands or Nix configurations.
  - Ingestion points: Reads data from `hosts/<host>/secrets/secrets.nix` and decrypted content from `.age` files.
  - Boundary markers: Absent; the skill does not define delimiters or warnings to prevent the AI from following instructions embedded in secret values or configuration files.
  - Capability inventory: Extensive subprocess execution capabilities including `age`, `op`, `git`, and `hey` for deployment.
  - Sanitization: None; the skill uses direct shell piping (e.g., `printf ... | age`) which does not sanitize input for shell metacharacters or embedded instructions.