Skills
skills/evolv3-ai/vibe-skills/admin-unix/Gen Agent Trust Hub

admin-unix

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches installation scripts for the uv package manager from astral.sh and Homebrew from GitHub. These are well-known technology services and are used here for legitimate environment setup.
  • [COMMAND_EXECUTION]: Executes administrative commands using sudo for package management (apt, dnf) and service management (systemd). These operations are consistent with the skill's stated purpose of Unix administration.
  • [PROMPT_INJECTION]: The skill reads configuration data from local JSON profile files located at ~/.admin/profiles/. This creates a surface for indirect prompt injection where variables could be manipulated if the local files are modified by an attacker. However, the risk is low and inherent to configuration-driven management.
  • Ingestion points: ~/.admin/profiles/{hostname}.json read via jq in SKILL.md and verify-unix-environment.sh.
  • Boundary markers: None identified; variables are interpolated directly into shell commands.
  • Capability inventory: High-privilege access including sudo, ssh, and system package managers across all scripts.
  • Sanitization: No explicit validation or sanitization of profile fields before use in shell execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 05:56 PM