osmedeus-expert
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands through the bash step type and osmedeus run CLI commands, which is the primary function of the engine.
- [REMOTE_CODE_EXECUTION]: The CLI supports a --module-url flag that allows the engine to fetch and execute YAML workflows from remote URLs. Additionally, the remote-bash step type enables command execution on remote hosts via SSH or Docker.
- [PROMPT_INJECTION]: The agent step type creates a surface for Indirect Prompt Injection. For instance, Example 5 processes data from {{live_hosts}} using an AI agent equipped with a bash tool.
  - Ingestion points: Untrusted scan results and host lists processed in agent steps (e.g., {{live_hosts}}, {{Output}}/subs.txt).
  - Boundary markers: None identified in the documented examples to separate untrusted data from instructions.
  - Capability inventory: Agents have access to highly privileged tools including bash, read_file, save_content, and http_get.
  - Sanitization: No explicit sanitization or validation of the processed data is shown in the examples.
- [EXTERNAL_DOWNLOADS]: The osmedeus install commands are used to download binaries, presets, and workflows from external sources. While these typically target vendor repositories, they involve fetching executable content over the network.
- [COMMAND_EXECUTION]: Support for dynamic code execution is provided through utility functions such as exec_python(), exec_ts(), and ssh_exec(), which execute code or commands from strings.
Audit Metadata