kernel-process-execution
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill provides functions for arbitrary shell command execution via the 'kernel' CLI. The inclusion of the '--as-root' flag explicitly allows for privilege escalation to administrative levels within the VM environment.
- REMOTE_CODE_EXECUTION (HIGH): By allowing arbitrary command execution and the use of package managers (e.g., 'apt-get'), the skill facilitates the installation and execution of remote code.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill possesses high-risk capabilities that can be triggered by malicious instructions embedded in web pages processed by the browser VM.
  - Ingestion points: Content from browser sessions (session_id) accessed via the VM.
  - Boundary markers: None present in the provided skill definitions.
  - Capability inventory: Full synchronous/asynchronous command execution, root access, background process spawning, and stdin manipulation.
  - Sanitization: None provided.
Recommendations
- AI detected serious security threats
Audit Metadata