solarwinds-logs
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The setup scripts dotnet-runtime.sh and dotnet-runtime.ps1 download and execute scripts from https://dot.net/v1/dotnet-install.sh and https://dot.net/v1/dotnet-install.ps1. These scripts are executed directly with bash or powershell to install the .NET SDK. This source is not on the provided list of trusted GitHub organizations.
- DATA_EXFILTRATION (HIGH): The skill instructions in SKILL.md explicitly direct the agent to output the value of the SOLARWINDS_API_TOKEN environment variable (e.g., echo "$SOLARWINDS_API_TOKEN") during the installation check. This exposes sensitive credentials to the agent's context and conversation log.
- COMMAND_EXECUTION (MEDIUM): The setup.sh and setup.ps1 scripts modify user configuration files (such as .bashrc, .zshrc, and PowerShell profiles) to persist PATH and environment variable changes. While this is standard installer behavior, it constitutes a persistence mechanism that modifies the user's environment.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs a .NET tool from a local package directory (./tools) and downloads the .NET installer from an external domain (dot.net).
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests log data from the SolarWinds API. Malicious log content could potentially contain instructions intended to influence the agent's subsequent actions.
  - Ingestion points: Output of the logs command (SolarWinds API data).
  - Boundary markers: None present in the search tool output.
  - Capability inventory: The skill can execute arbitrary CLI commands via the setup scripts and the logs tool.
  - Sanitization: No explicit sanitization of log content is observed before presentation to the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://dot.net/v1/dotnet-install.sh - DO NOT USE without thorough review
- AI detected serious security threats