vps-checkup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is designed to execute powerful system commands with `sudo` privileges across SSH. These include package list updates (`apt update`), firewall configuration (`ufw`), and service status checks. While configured for 'read-only' by default, the underlying capability allows for full system modification.
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires the user to provide sensitive SSH access details and `sudo` permissions. Granting an AI agent root-level access to a server is a high-risk operation that could lead to full system compromise if the agent's logic is subverted.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection because it ingests untrusted data from the VPS environment and processes it via the LLM.
  - Ingestion points: System logs via `journalctl`, container metadata via `docker ps`, and package lists via `apt list` in `SKILL.md`.
  - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions embedded within the command outputs.
  - Capability inventory: SSH network access, `sudo` privilege escalation, and file system modification via package managers as described in the Workflow section.
  - Sanitization: Absent. There is no mention of filtering or sanitizing the data returned from the VPS before it is parsed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata