ansible
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an indirect prompt injection surface as the agent is designed to process and generate content based on external automation files. \n
- Ingestion points: The agent interact with user-provided playbooks and inventories (e.g., inventory/proxmox.yml) which may come from untrusted sources. \n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are documented for the agent when processing these files. \n
- Capability inventory: The skill documents extensive automation capabilities, including shell execution (ansible.builtin.shell), command runs (ansible.builtin.command), and remote API management (community.general.proxmox, community.docker). \n
- Sanitization: No input validation or sanitization mechanisms are defined for the data processed by the agent. \n- [EXTERNAL_DOWNLOADS]: The documentation instructs users to install dependencies from well-known and trusted registries. \n
- Evidence: In references/proxmox/dynamic-inventory.md, users are directed to install 'proxmoxer' and 'requests' via pip. \n
- Evidence: Throughout the skill, instructions are provided for installing collections and roles via the official ansible-galaxy tool. \n- [COMMAND_EXECUTION]: The skill documents modules for command execution and suggests configurations that lower security in specific scenarios. \n
- Evidence: SKILL.md and references/modules.md provide examples for the 'ansible.builtin.shell' and 'ansible.builtin.command' modules. \n
- Evidence: references/proxmox/authentication.md and references/proxmox/dynamic-inventory.md describe disabling certificate validation (validate_certs: false) as a workaround for self-signed certificates.
Audit Metadata