ssh-keygen
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses highly sensitive file paths containing SSH private keys and security configurations.
  - Evidence: SKILL.md defines search patterns for **/.ssh/authorized_keys, **/.ssh/known_hosts, **/.ssh/config, and **/.ssh/id_*.
  - Evidence: references/cheatsheet.md provides commands to read and manipulate these files, including extracting public keys and auditing authorized keys across all user directories.
- [COMMAND_EXECUTION]: Executes shell commands to manage security credentials and interact with system files.
  - Evidence: Utilizes ssh-keygen, ssh, ssh-copy-id, chmod, and sed to modify system state.
  - Evidence: Provides instructions for writing keys to system-level directories such as /etc/myapp/.
- [REMOTE_CODE_EXECUTION]: Facilitates running commands on remote servers via the SSH protocol.
  - Evidence: references/cheatsheet.md includes patterns for executing cat and sed on remote hosts using the ssh command.
- [PROMPT_INJECTION]: Contains a potential surface for indirect prompt injection via unsanitized interpolation of user data into shell commands.
  - Ingestion points: User-provided hostnames, comments, and identity strings are passed directly as arguments to shell commands.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in user-provided strings.
  - Capability inventory: Full shell command execution locally and remotely, plus sensitive file access.
  - Sanitization: No evidence of input validation or escaping for user-provided parameters.
Audit Metadata