deploy-caddy-reverse-proxy
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill fetches the Caddy web server binary directly from the official
caddyserver.comAPI and installs it to the system path. While this download originates from a well-known service, the automated execution of remote binaries with root privileges represents a significant capability.\n- [COMMAND_EXECUTION]: The skill utilizes extensive administrative privileges viasudoto perform system-level tasks, including installing binaries, creating system users/groups, and configuringsystemdservices. While consistent with the skill's purpose, these operations grant the agent broad control over the target environment.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (specifically command injection) where user-supplied parameters are interpolated into shell commands and system configurations without validation.\n - Ingestion points: Parameters collected via
AskUserQuestion, including domain names, backend ports, and static file paths.\n - Boundary markers: Absent; user-provided data is directly embedded into shell command strings and configuration files.\n
- Capability inventory: High-privilege tools including
sudo,systemctl,curl,chown, andteeare used throughoutSKILL.md.\n - Sanitization: No visible escaping, validation, or filtering logic is applied to the collected parameters before they are used in privileged shell operations.
Recommendations
- HIGH: Downloads and executes remote code from: https://caddyserver.com/api/download?os=linux&arch= - DO NOT USE without thorough review
Audit Metadata