fleet
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates remote command execution on Azure VMs through commands like `fleet advance`, `fleet start`, and `fleet run-once`. It uses SSH for pane capture and task execution via the azlin utility.
- [CREDENTIALS_UNSAFE]: The `fleet auth` command is used to propagate sensitive authentication tokens (GitHub, Azure, Claude) to remote virtual machines. This is a primary feature intended for enabling agent access to external services.
- [PROMPT_INJECTION]: The skill features an automated reasoning engine ('Admiral') that processes untrusted external data, including tmux scrollback and agent transcripts. This presents an indirect prompt injection surface.
  - Ingestion points: Remote tmux scrollback and session transcripts (SKILL.md).
  - Boundary markers: Includes confidence thresholds and a default confirmation requirement for actions.
  - Capability inventory: Remote command execution, auth token propagation, and task queuing.
  - Sanitization: Implements 57 dangerous-input pattern blocks and a safe allow-list to mitigate malicious instructions in processed data.
Audit Metadata