linux-shell-scripting
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous templates that execute sensitive system commands, including recursive deletion (`rm -r`), service management (`systemctl restart`), and package installation (`apt-get install`).
- [CREDENTIALS_UNSAFE]: The 'Database Backup Script' includes a hardcoded placeholder for a database password (`db_pass="password"`), which promotes the practice of storing secrets in plain text within scripts.
- [PROMPT_INJECTION]: Several scripts exhibit vulnerabilities to indirect prompt injection. They ingest untrusted data via positional parameters (e.g., `$1`, `$2`) and interpolate them directly into executable shell commands. For instance, the 'Data Cleanup Script' uses `find "$directory" -type f -mtime +"$days" -exec rm -v {} \;`, and the 'Remote Script Execution' uses `ssh "$remote_server"`. There is no evidence of input sanitization or validation across these scripts.
- [EXTERNAL_DOWNLOADS]: The skill contains logic for downloading content and installing software using tools like `curl`, `wget`, and `apt-get`. While some targets are well-known (e.g., Google, GitHub), the capability to install arbitrary packages remains a significant risk.
- [REMOTE_CODE_EXECUTION]: The 'Remote Script Execution' pattern allows the agent to execute local script content on a remote server via SSH, providing a powerful vector for lateral movement or unauthorized remote actions.
Recommendations
- AI detected serious security threats
Audit Metadata