nginx
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands and bundled scripts to perform administrative tasks like reloading Nginx services and managing configuration files. This is standard and expected for Nginx management.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing certbot via the apt package manager to manage SSL certificates, which is a well-known and trusted service.
- [PROMPT_INJECTION]: The create-site.sh script interpolates user-provided domain names and paths directly into shell commands and configuration templates. This creates a surface for indirect prompt injection and path traversal if inputs are provided from untrusted external sources.
  - Ingestion points: DOMAIN and ROOT_PATH arguments in scripts/create-site.sh.
  - Boundary markers: No markers or delimiters are used to isolate user input from the shell logic.
  - Capability inventory: File system writes to /etc/nginx/sites-available (with potential path traversal), directory creation, and service control via systemctl.
  - Sanitization: No input validation or sanitization is implemented for the script arguments.
Audit Metadata