Gen Agent Trust Hub audit: skills/fred-drake/nix/infrastructure

infrastructure

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes ssh to execute commands on Proxmox hosts and within LXC containers via pct exec. This provides a high-privilege capability for infrastructure maintenance, such as starting/stopping containers and checking service statuses.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-provided values for hostnames, container IDs, and commands are interpolated into shell execution strings.
  • Ingestion points: User-supplied <hostname>, <vmid>, and <command> placeholders in SKILL.md and references/host-mapping.md.
  • Boundary markers: Absent; there are no delimiters or explicit instructions for the agent to sanitize or ignore instructions potentially embedded in user-supplied data.
  • Capability inventory: Includes remote shell execution via ssh, root-level command execution within containers via pct exec, and system-wide NixOS configuration deployment via colmena.
  • Sanitization: No sanitization or validation logic is defined for user-provided inputs before they are passed to the shell environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 03:34 AM