fumadocs-deploy
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [Privilege Escalation] (MEDIUM): The skill invokes
sudo systemctl reload caddyandsudo systemctl status caddy. Although intended for web server management during deployment, these commands represent a privilege escalation vector. Severity is adjusted to MEDIUM as this is the primary function of the skill.\n- [Command Execution] (MEDIUM): The skill executesrm -rfon several directories including.turbo,apps/docs-app/.next, andapps/docs-app/out. These are destructive operations that could be exploited if file paths are redirected or improperly constrained.\n- [Data Exposure & Exfiltration] (LOW): The skill accesses/etc/caddy/Caddyfile, which is a sensitive system-level configuration file. It also usescurlto perform network requests for deployment verification. While the targets are user-defined domains, these tools could be used for data exfiltration if the agent is compromised.\n- [Indirect Prompt Injection] (LOW): The skill presents an attack surface for indirect prompt injection.\n - Ingestion points: Reads content from local configuration files (
next.config.mjs,/etc/caddy/Caddyfile) and interprets responses fromcurlcommands.\n - Boundary markers: Absent; inputs are processed directly into logic without delimiters or safety headers.\n
- Capability inventory: Includes file system deletion (
rm -rf), system service control (sudo systemctl), and network request generation (curl).\n - Sanitization: No sanitization or validation of the ingested file content or network responses is observed before they are used to determine execution flow.
Audit Metadata