skills/karmab/kcli/kcli-testing/Gen Agent Trust Hub

kcli-testing

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • Privilege Escalation (HIGH): The skill instructs the user to execute 'sudo' commands to create directories and modify Access Control Lists (ACLs) on system paths such as '/var/lib/libvirt/images'. This provides a mechanism for an agent to acquire root-level filesystem permissions.
  • Command Execution (MEDIUM): The skill executes local repository scripts ('.github/linting.sh' and '.github/testing.sh'). These scripts are not provided in the skill itself, creating a risk of executing arbitrary code if the repository content is manipulated.
  • Data Exposure (LOW): The skill manages sensitive data by generating and referencing SSH private keys stored at '~/.kcli/id_rsa'. While intended for VM access, this exposes a standard path for credential harvesting.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:25 PM