server-security
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform extensive administrative actions on a remote server via SSH, including modifying firewall rules (UFW), managing system services (systemctl), and altering user shells and group memberships.
- [CREDENTIALS_UNSAFE]: The skill explicitly targets and reads metadata from sensitive files that likely contain secrets or credentials, specifically searching for ".env", ".key", ".pem", and "credentials*" files across various system directories.
- [DATA_EXFILTRATION]: The skill accesses and reports the content/count of SSH "authorized_keys" files for all login-capable users on the target system, exposing information about established trust relationships.
- [COMMAND_EXECUTION]: The skill dynamically constructs SSH command strings using user-supplied input ($SSH_TARGET), which represents a high risk for command injection if the input is not strictly validated by the AI agent.
- [PROMPT_INJECTION]: The skill has a significant indirect prompt injection surface because it ingests large amounts of untrusted output from remote commands (e.g., login logs, service versions, and file listings) without sanitization or boundary markers, which could allow a compromised target server to influence the agent's behavior.
  - Ingestion points: Multiple SSH command outputs across all audit steps in SKILL.md.
  - Boundary markers: None identified; raw output is directly processed to generate reports.
  - Capability inventory: Full shell execution, package installation, and remote file/configuration writing via SSH.
  - Sanitization: None identified; the skill relies on the LLM to interpret and aggregate raw command results.
Recommendations
- AI detected serious security threats
Audit Metadata