fail2ban-swag
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/fail2ban-swag.sh` performs remote command execution using SSH and `docker exec`. The `docker_exec` function in the script uses `$*` to pass arguments, which allows for shell metacharacter injection if an argument (such as a jail name) is maliciously crafted.
- [PROMPT_INJECTION]:
  - The skill provides an indirect prompt injection surface by reading remote log files that contain untrusted data from network requests.
  - Ingestion points: Remote logs from Nginx and Fail2Ban are read and displayed using the `logs`, `nginx-access-log`, and `search-ip` commands in `scripts/fail2ban-swag.sh`.
  - Boundary markers: The script uses simple text headers but lacks explicit delimiters or instructions to prevent the agent from following commands embedded in the log entries.
  - Capability inventory: The skill can modify firewall rules, edit remote configuration files, and execute arbitrary commands via Docker.
  - Sanitization: No sanitization is performed on log content before it is processed by the agent.
  - `SKILL.md` includes instructions attempting to override agent behavior with 'MANDATORY' invocation requirements.
- [DATA_EXFILTRATION]: The `backup` command in `scripts/fail2ban-swag.sh` transfers configuration archives from the remote host to the local environment using `scp`.
Audit Metadata