admin-devops
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands (PowerShell and Bash) using values retrieved from infrastructure inventory files. This includes sensitive operations like SSH connections where user-provided hostnames and usernames are interpolated directly into command strings.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
- Ingestion points: The agent context is populated with data from external files such as `.agent-devops.env` and `.env.local` using the parsing logic in `scripts/agent_devops_inventory.py` and `scripts/agentDevopsInventory.ts`.
- Boundary markers: The instructions do not define boundary markers or delimiters to differentiate between system instructions and data from the inventory, nor is the agent instructed to ignore executable patterns within the data.
- Capability inventory: The skill allows the agent to execute shell commands, perform SSH connections, and modify local configuration files.
- Sanitization: The parser scripts in the `scripts/` directory perform basic string splitting but lack logic to sanitize or escape shell-sensitive characters (such as semicolons, backticks, or command substitution markers) before they are used in command construction.
Audit Metadata