debug-firewall

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Uses sudo to perform administrative operations, including modifying iptables firewall rules, viewing kernel logs with dmesg, and accessing restricted log files in /tmp.
  • [COMMAND_EXECUTION]: Employs docker exec and docker logs to interact with containers, allowing the execution of arbitrary commands within the awf-squid and awf-agent environments.
  • [COMMAND_EXECUTION]: Instructs the agent to run a local cleanup script (./scripts/ci/cleanup.sh) and remove docker networks and containers.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by reading external traffic logs.
      • Ingestion points: Network access logs are read from /var/log/squid/access.log using cat, grep, and awk (SKILL.md).
      • Boundary markers: No delimiters or warnings are used to prevent the agent from interpreting log content as instructions.
      • Capability inventory: The skill can execute shell commands via sudo, manage iptables, and run commands in Docker containers (SKILL.md).
      • Sanitization: There is no evidence of sanitization or filtering of the log data before it is presented to the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 10, 2026, 01:38 PM