exe-dev
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands using SSH (e.g., 'ssh exe.dev ls', 'ssh exe.dev new') and other tools like mitmproxy. This allows the agent to interact with the local operating system and an external cloud service.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by interpolating user-supplied data into shell commands.
  - Ingestion points: User-provided values for VM names, email addresses, and port numbers in SKILL.md and references/exe-dev-vm-service.md.
  - Boundary markers: Absent. The skill does not provide instructions to delimit or validate user input before it is used in shell commands.
  - Capability inventory: The agent can execute SSH commands, file transfers (scp), and network tools (mitmdump) as described in the reference files.
  - Sanitization: Absent. There are no guidelines or scripts provided to sanitize user input against command injection characters (e.g., semicolons, backticks) before execution.
Audit Metadata