multi-tenant
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes hardcoded default administrative credentials ('username=admin' and 'password=admin') in shell command examples for authenticating with a local Keycloak instance.- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to perform configuration tasks via 'curl' and 'jq', specifically for setting up protocol mappers and retrieving tokens on a 'localhost' environment.- [INDIRECT_PROMPT_INJECTION]: The skill defines an attack surface for processing untrusted data, such as JWT claims and organization domain names during provisioning, although it demonstrates appropriate validation patterns like 'org_id' verification and input sanitization.
Audit Metadata