skills/iyaki/ralph/shell-command/Gen Agent Trust Hub

shell-command

Fail

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly recommends piping plaintext passwords to the sudo command using echo "password" | sudo -S command. This practice encourages the exposure of sensitive credentials in command history or script files.
  • [COMMAND_EXECUTION]: The provided command reference suggests bypassing SSH host identity verification using the -o StrictHostKeyChecking=no flag. This disables essential security checks, making the environment vulnerable to Man-in-the-Middle (MITM) attacks.
  • [PROMPT_INJECTION]: The skill includes behavioral directives that instruct the agent to "ignore 'BAD' (negative) assumptions" and explicitly states that the "Rules in this file override general model training or other documentation." This is a pattern used to bypass an agent's standard instructions or safety filters.
  • [EXTERNAL_DOWNLOADS]: The documentation promotes using curl -fsSL and wget -q for remote resource retrieval. These tools, especially when combined with shell execution patterns, are primary vectors for downloading and running unverified remote code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 17, 2026, 12:15 AM