drush
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for a wide array of Drush commands that interact directly with the server's shell, including site deployment (
drush deploy) and code generation (drush generate). - [REMOTE_CODE_EXECUTION]: The skill documents commands for dynamic code execution, specifically
drush php:evalanddrush php:script, which allow the execution of arbitrary PHP code within the full Drupal bootstrap context, granting access to the entire application API and filesystem. - [DATA_EXFILTRATION]: Documentation for
drush sql:dumpfacilitates exporting the entire site database to a file, which could lead to unauthorized data exposure if handled improperly. - [CREDENTIALS_UNSAFE]: The skill includes commands to generate one-time login links (
drush uli) and reset user passwords (drush user:password), which can be used to bypass standard authentication mechanisms or escalate privileges. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection:
- Ingestion points: The agent is instructed to read data from the database (
sql:query), site logs (watchdog:show), and configuration (config:get), which may contain attacker-controlled content. - Boundary markers: There are no instructions for using delimiters or boundary markers to separate retrieved data from the agent's internal reasoning.
- Capability inventory: The skill provides high-impact capabilities including PHP execution, SQL execution, and permission management.
- Sanitization: No sanitization or validation logic is provided for processing data retrieved from the Drupal site before the agent acts upon it.
Audit Metadata