container-update-report
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill generates shell commands by interpolating variables directly into shell strings without sanitization.
  - Evidence (SKILL.md): `grep -r "container-name" --include="*.nix" .` and `just colmena <hostname>`
  - Risk: If a user or an upstream process provides a malicious container name (e.g., `"; cat /etc/passwd #"`), the agent will execute the injected command with the privileges of the agent process.
- [DATA_EXFILTRATION] (MEDIUM): The skill uses recursive grep commands across the entire repository structure, which is explicitly stated to contain NixOS configurations.
  - Evidence (SKILL.md): `grep -r "container-name" --include="*.nix" .`
  - Risk: NixOS configuration files often contain sensitive metadata, environment variables, or references to secrets. Allowing an agent to perform broad, unconstrained searches across these files increases the risk of sensitive data exposure.
- [EXTERNAL_DOWNLOADS] (LOW): The skill relies on external tools (`just`, `colmena`) and network-dependent commands.
  - Evidence (SKILL.md): `just update-container-digests`
  - Risk: While expected for container management, this command interacts with external registries and depends on the security of the local `justfile` and the `colmena` deployment tool.
Recommendations
- AI detected serious security threats