fix-lightning
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill utilizes 'sudo systemctl restart lnd' for service management, which requires elevated privileges and presents a risk of privilege escalation if the agent's logic is subverted.- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). Evidence: (1) Ingestion point: Reads prioritized findings from the '/check-lightning' skill. (2) Boundary markers: None present to distinguish instructions from diagnostic data. (3) Capability inventory: Executes subprocess commands via 'lncli' and 'sudo'. (4) Sanitization: None detected; variables like pubkeys and host addresses are interpolated directly into shell commands. If '/check-lightning' extracts data from untrusted peers, an attacker could trigger arbitrary command execution.- [COMMAND_EXECUTION] (HIGH): The skill has the authority to move funds and open channels ('lncli openchannel --push_amt=200000'). Automated financial transactions without human-in-the-loop verification present a significant risk of asset loss.
Recommendations
- AI detected serious security threats
Audit Metadata