Skills
skills/hashicorp/agent-skills/windows-builder/Gen Agent Trust Hub

windows-builder

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill uses the iex (Invoke-Expression) command to execute a script downloaded directly from a remote URL.
  • Evidence: iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) in the PowerShell provisioner block.
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads executable content and modules from external, non-whitelisted sources.
  • Evidence: Downloads Chocolatey installer and the PSWindowsUpdate module via Install-Module.
  • COMMAND_EXECUTION (MEDIUM): The skill performs high-privilege system modifications and firewall changes.
  • Evidence: Uses netsh advfirewall to open ports 5985 and 5986, and Set-ExecutionPolicy Bypass to circumvent PowerShell security restrictions.
  • INSECURE CONFIGURATION (MEDIUM): The configurations explicitly disable security features for remote management.
  • Evidence: winrm_insecure = true in HCL, and AllowUnencrypted="true", Basic="true" in the WinRM setup script.
  • INDIRECT PROMPT INJECTION (LOW): The skill provides a surface for indirect prompt injection through the interpolation of variables into PowerShell scripts executed with high privileges.
  • Ingestion points: Packer variables (var.client_id, etc.) and HCL locals.
  • Boundary markers: None present to distinguish between template code and interpolated data.
  • Capability inventory: Full PowerShell execution via provisioners, WinRM remote shell access.
  • Sanitization: No evidence of input validation or escaping for interpolated variables.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:00 PM