debian-linux-triage
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input to generate system administration commands, creating a surface for indirect prompt injection.
- Ingestion points: The skill accepts variables
${input:ProblemSummary}and${input:Constraints}which ingest data from potentially untrusted sources. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the user-provided input strings.
- Capability inventory: While the skill does not execute code itself, its primary purpose is to generate high-privilege commands (e.g., using
apt,systemctl,dpkg) for the user to run. - Sanitization: There is no evidence of input sanitization or validation to filter out malicious instructions hidden within the problem description.
Audit Metadata