naga-config
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The `/system/config` endpoint exposes sensitive configuration data, including LLM `api_key` values and Neo4j database connection details. Accessing this data creates a risk of credential exposure if the agent outputs the full configuration object.
- [COMMAND_EXECUTION]: The `/mcp/import` endpoint allows the execution of arbitrary shell commands on the host system. It specifically uses `npx` to download and run Node.js packages, which can be exploited if an attacker provides a malicious package name or command string.
- [PROMPT_INJECTION]: The skill allows the agent to read and overwrite its own system instructions via the `/system/prompt` endpoint. This could be used to bypass security constraints or permanently alter the agent's behavior through persistent prompt modification.
- [EXTERNAL_DOWNLOADS]: The skill instructions explicitly encourage the agent to search the internet (via `online_search`) for MCP tools and then install them using `npx`. This creates a direct path for indirect prompt injection or supply chain attacks in which the agent executes untrusted code found on public repositories or registries.
- [DATA_EXFILTRATION]: Since the skill can read the entire system configuration and also has access to network-capable tools (such as `online_search`), there is a risk that sensitive system secrets could be exfiltrated to an external server if the agent is compromised.
Audit Metadata