certbot
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies extensively on the
sudocommand to perform administrative tasks such as certificate generation, renewal, and system service reloads, granting the agent high-level permissions on the host system. - [COMMAND_EXECUTION]: The skill provides patterns for creating and executing custom shell scripts in the
/etc/letsencrypt/renewal-hooks/deploy/directory to automate service reloads after certificate updates. - [DATA_EXFILTRATION]: The skill's defined file globs include the
/etc/letsencrypt/live/directory, which contains sensitive private keys (privkey.pem). Access to these files is necessary for the skill's primary purpose but represents a significant exposure of cryptographic secrets. - [REMOTE_CODE_EXECUTION]: The documentation provides a method to install the
acme.shclient by piping a remote script fromhttps://get.acme.shdirectly into the shell. This is a common installation pattern for this well-known tool. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting data from Let's Encrypt logs (
/var/log/letsencrypt/letsencrypt.log) and renewal configuration files. Mandatory Evidence: (1) Ingestion points: log files and renewal configs in SKILL.md; (2) Boundary markers: Absent; (3) Capability inventory:sudo certbot,systemctl, and hook execution; (4) Sanitization: Absent.
Audit Metadata