sre-engineer
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The file 'references/automation-toil.md' includes an 'AutomatedRunbook' class that uses 'subprocess.run(command, shell=True)'. This pattern allows the execution of arbitrary shell commands and is susceptible to command injection if input is not strictly controlled.
- [COMMAND_EXECUTION]: Several scripts in 'references/automation-toil.md' and 'references/incident-chaos.md' execute sensitive system and infrastructure commands, including 'systemctl restart', 'kubectl delete', 'tc' (traffic control), and 'iptables'. These operations typically require high privileges and can significantly impact system availability.
- [EXTERNAL_DOWNLOADS]: The 'check_service_responsive' function in 'references/automation-toil.md' utilizes the 'curl' command to perform network requests against local health endpoints.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it defines workflows that ingest potentially untrusted data and perform high-privilege operations.
  - Ingestion points: The 'AutomatedRunbook' (in 'references/automation-toil.md') and 'ChaosExperiment' (in 'references/incident-chaos.md') handle string-based commands and hypotheses.
  - Boundary markers: The provided code templates do not implement boundary markers or instructions to ignore embedded commands within processed data.
  - Capability inventory: Broad access to the system shell and CLI tools such as 'kubectl' and 'iptables'.
  - Sanitization: No evidence of command validation or input escaping in the provided Python examples.
Audit Metadata