octoprint
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONNO_CODEDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to request highly sensitive information, including the OctoPrint Global API Key and SSH authentication details (passwords or private keys), which are stored in session memory and used in shell commands.
- [COMMAND_EXECUTION]: The skill utilizes potentially dangerous shell commands via curl and ssh, including sudo for system service control and direct execution of G-code on hardware.
- [NO_CODE]: There is a reference to a missing Python script, scripts/ssh_helper.py, which is supposed to handle SSH connections for Windows environments.
- [DATA_EXFILTRATION]: The skill provides commands for reading logs and performing system backups, which could be exploited to access sensitive system information or printer configuration data.
Audit Metadata