unraid
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The `SKILL.md` file contains forceful instructions such as '⚠️ MANDATORY SKILL INVOCATION ⚠️' and 'Failure to invoke this skill... violates your operational requirements', which are attempts to override the agent's behavior and tool-selection logic.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its log-reading features. An attacker who can influence system logs (e.g., via web server errors or failed login attempts) could inject instructions that the agent might follow when it queries those logs.
  - Ingestion points: `examples/read-logs.sh` and `scripts/dashboard.sh` ingest syslog data through the API.
  - Boundary markers: There are no delimiters or warnings to prevent the agent from following instructions found within the logs.
  - Capability inventory: The skill has network access (`curl`) and local file-writing capabilities.
  - Sanitization: Ingested log data is not filtered or sanitized before being output to the agent.
- [DATA_EXFILTRATION]: The skill collects sensitive metadata about the host server, including hardware UUIDs, system configurations, and system logs. The `scripts/dashboard.sh` script specifically aggregates this data and writes it to a file (`unraid-inventory.md`) in the user's home directory.
- [COMMAND_EXECUTION]: The skill executes multiple shell scripts that use `curl` for network requests and `jq` for parsing sensitive server data, relying on environment variables for authentication.
- [EXTERNAL_DOWNLOADS]: `scripts/dashboard.sh` attempts to source an external script `lib/load-env.sh` located outside the skill's root directory. This represents an unverifiable dependency on a script not provided in the skill package.
Audit Metadata