asterisk-validator
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses 'docker exec' and shell commands to interact with Asterisk containers, providing the agent with administrative control over the telephony environment.
- [CREDENTIALS_UNSAFE]: The skill is designed to read sensitive files such as 'pjsip.conf', 'sip.conf', and 'mikopbx.db', which typically store plaintext passwords and system secrets.
- [DATA_EXFILTRATION]: Instructions require the agent to output specific lines and sections of configurations, which can inadvertently lead to the disclosure of credentials in the analysis report.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from system logs and configuration files (ingestion points in SKILL.md) without boundary markers or sanitization, combining this with privileged tool capabilities (capability inventory: docker exec in SKILL.md).
Audit Metadata