warden-dev
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill is built around executing local shell commands through the warden utility. This provides the agent with significant control over local services and the ability to enter interactive container shells (warden shell, warden debug), which could be abused if the agent is misled.
- [DATA_EXFILTRATION] (LOW): The skill provides patterns for dumping and importing databases and managing .env files. While these are standard developer tasks, they involve handling potentially sensitive credentials and data, creating an exposure risk if handled unsafely by the agent.
- [PROMPT_INJECTION] (LOW): Potential for indirect injection during configuration tasks. Ingestion points: .env files and external documentation referenced in 'Framework Compatibility'. Boundary markers: Absent. Capability inventory: Shell execution (warden), file modification, and database access. Sanitization: None described in the skill documentation.
Audit Metadata