elasticsearch-authz
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection. The skill processes natural language descriptions of access requirements to generate administrative commands.
- Ingestion points: User prompts provided to the agent as described in the 'Decomposing Access Requests' section of SKILL.md.
- Boundary markers: The skill instructs the agent to decompose the request into components (Who, What, Access level, etc.) which serves as a logical boundary, but technical sanitization of the input strings is not specified.
- Capability inventory: The skill uses curl to perform management operations via the Elasticsearch and Kibana APIs (Users, Roles, Role Mappings).
- Sanitization: While the skill emphasizes 'Least-privilege principles' and 'Named privileges only', it relies on the agent's interpretation of the prompt to avoid misconfiguration.
- [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands (curl) to interact with remote APIs. These commands are constructed using variables provided by the user (URLs, usernames, passwords) and static API paths.
Audit Metadata