Skills
skills/sickn33/antigravity-awesome-skills/linux-shell-scripting/Gen Agent Trust Hub

linux-shell-scripting

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The 'Database Backup Script' includes a hardcoded credential placeholder db_pass="password".
  • [REMOTE_CODE_EXECUTION]: The 'Remote Script Execution' script enables executing local scripts on remote servers via ssh "$remote_server" "bash -s" < "$remote_script".
  • [COMMAND_EXECUTION]: Multiple scripts utilize high-privilege system commands, including sudo apt-get install for package management, useradd and passwd for user administration, and sudo systemctl for service management.
  • [COMMAND_EXECUTION]: The 'Task Scheduler' script implements a persistence mechanism by modifying the system crontab to schedule recurring tasks.
  • [DATA_EXFILTRATION]: The 'Remote Server Backup' script transmits local data to an external server using rsync. The 'Website Uptime Checker' reaches out to well-known domains like Google and GitHub to verify connectivity.
  • [EXTERNAL_DOWNLOADS]: Scripts utilize standard utilities such as apt-get, curl, and wget to interact with and download content from external network resources.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted data from system and web server logs, creating an attack surface for indirect prompt injection.
  • Ingestion points: SKILL.md (Error Log Extractor and Web Server Log Analyzer scripts reading /var/log/syslog and /var/log/apache2/access.log).
  • Boundary markers: Absent.
  • Capability inventory: Employs grep, awk, sort, and uniq to process log contents.
  • Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 07:24 AM