asterisk-tester
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill provides a curl command example with hardcoded credentials ("admin:password") for AMI authentication.
- [COMMAND_EXECUTION]: The skill performs high-privilege operations via docker exec to interact with the Asterisk CLI and execute AGI scripts directly within the container environment.
- [DATA_EXFILTRATION]: The skill accesses sensitive information including the system database ("mikopbx.db") and Asterisk logs ("/var/log/asterisk/full"), which may contain call details and configuration secrets.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Dialplan output and system logs (SKILL.md). 2. Boundary markers: None present. 3. Capability inventory: docker exec, bash, sqlite3, curl (SKILL.md). 4. Sanitization: No sanitization or validation of the ingested external content was detected.
Audit Metadata