unraid
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a section titled 'MANDATORY SKILL INVOCATION' using strong imperative language ('YOU MUST', 'Failure... violates your operational requirements') designed to override the agent's natural decision-making process for tool selection.
- [COMMAND_EXECUTION]: The skill relies on executing multiple local shell scripts (`unraid-query.sh`, `dashboard.sh`, `disk-health.sh`, `read-logs.sh`) through the `zsh-tool`. These scripts accept arguments such as GraphQL queries and log file names which may be influenced by user prompts.
- [DATA_EXFILTRATION]: The skill facilitates access to sensitive server-side information, including system logs (`read-logs.sh`), disk health metrics, array status, and network share comments.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting untrusted data from the server environment into the agent context.
  - Ingestion points: System log files accessed via `examples/read-logs.sh` and API responses from `scripts/unraid-query.sh`.
  - Boundary markers: No delimiters or safety instructions are provided to the agent for handling the ingested log content.
  - Capability inventory: Access to shell execution (`zsh-tool`), network requests, and file system operations.
  - Sanitization: There is no evidence of sanitization or escaping of the external log data before it is presented to the agent.
Audit Metadata