admin-devops
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill documentation and functional examples explicitly direct the agent to handle sensitive file paths, specifically referencing SSH private keys (`C:/Users/Owner/.ssh/id_rsa`) and `.env.local` files described as containing provider credentials.
- [Indirect Prompt Injection] (LOW): The skill exhibits a surface for indirect prompt injection due to its reliance on external data files.
  - Ingestion points: Data is ingested from the unified profile JSON (`$ADMIN_PROFILE_PATH`) and deployment-specific `.env.local` files.
  - Boundary markers: None; the skill lacks delimiters or instructions to treat data within these files as untrusted.
  - Capability inventory: The skill can execute SSH commands, run local shell/PowerShell scripts, and modify the file system.
  - Sanitization: Absent; values from the profile (e.g., host, username, keyPath) are interpolated directly into shell commands without validation.
- [Command Execution] (MEDIUM): The skill executes arbitrary shell and PowerShell commands to manage infrastructure. It specifically calls external scripts (`scripts/Load-Profile.ps1`, `scripts/load-profile.sh`) and system utilities (`ssh`, `jq`, `ConvertTo-Json`) to perform its core functions.
Audit Metadata