kcli-vm-operations
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The Troubleshooting section provides commands that use 'sudo' for virtualization tasks (e.g., 'sudo virsh start myvm'), which grants root-level access to the host system.
- Data Exposure & Exfiltration (HIGH): The skill references sensitive file paths, including '/.kcli/id_rsa' (private SSH keys) and '/.kcli/config.yml' (which typically stores provider API keys and credentials), posing a risk of credential exposure.
- Indirect Prompt Injection (LOW): The skill is designed to ingest data from an external command-line tool.
  - Ingestion points: Untrusted data enters the agent context via the output of 'kcli list' and 'kcli info'.
  - Boundary markers: No delimiters or instructions are present to ensure tool output is not treated as a directive.
  - Capability inventory: The skill has capabilities to create, delete, and modify cloud infrastructure and access VMs via SSH.
  - Sanitization: No validation or sanitization of the data returned from the kcli utility is suggested, creating an attack surface for injection via VM names or metadata.
Audit Metadata