ansible-interactive
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [SECURITY_BEST_PRACTICES] (LOW): The skill recommends setting `host_key_checking = False` in the `ansible.cfg` file. This disables SSH host key verification, making the system vulnerable to Man-in-the-Middle (MitM) attacks during automated connections.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill demonstrates a pattern where untrusted data from environment analysis is interpolated into configuration files and commands without sanitization.
  - Ingestion points: User-provided server IP addresses, hostnames, and user credentials gathered in Phase 1.
  - Boundary markers: Absent; the templates do not use delimiters or warnings to ignore instructions embedded within these variables.
  - Capability inventory: The skill uses `ansible-playbook` and shell commands, which possess the capability to execute tasks with elevated privileges on remote servers.
  - Sanitization: Absent; the skill does not suggest any validation or filtering of the gathered data before it is used in the `inventory` or `ansible.cfg` files.
- [COMMAND_EXECUTION] (SAFE): The skill instructs the agent to run standard Ansible commands and shell utilities for project management. This is the primary intended purpose of the skill.
- [DATA_EXPOSURE] (SAFE): The inventory example references the sensitive path `~/.ssh/id_rsa`. This is appropriate for Ansible authentication and does not constitute unauthorized exposure in this context.