coder-hahomelabs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to use 'sudo apt-get' and provides 'kubectl' and 'docker' access. This grants root-level privileges and cluster management capabilities, which are functional for a dev environment but represent a high-impact risk if the agent's behavior is manipulated.
- [COMMAND_EXECUTION] (MEDIUM): Automated execution of 'start.sh' and 'stop.sh' scripts, combined with PM2 process management, allows for unauthorized persistence and background task execution across workspace sessions.
- [CREDENTIALS_UNSAFE] (LOW): The skill identifies sensitive environment variables including 'DATABASE_URL' (with passwords) and 'ANTHROPIC_AUTH_TOKEN'. It provides explicit commands ('env', 'printenv') to extract these credentials, creating a pathway for potential data exfiltration.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8). 1. Ingestion points: The agent is designed to work with workspace files and project code. 2. Boundary markers: None defined to isolate instructions from data. 3. Capability inventory: 'sudo', 'gh', 'kubectl', 'docker', and multiple package managers. 4. Sanitization: No sanitization of ingested code content is specified.
Audit Metadata