Skills
skills/thangphistudent/myskills/sysmedic/Gen Agent Trust Hub

sysmedic

Fail

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill reads the wp-config.php file to extract plaintext database usernames and passwords using grep and cut commands.
  • [COMMAND_EXECUTION]: The skill performs extensive high-privilege system modifications, including editing service configurations in /etc/nginx/, /etc/mysql/, and /etc/php/, tuning kernel parameters via sysctl, and establishing persistence through crontab modifications and systemd service overrides.
  • [DATA_EXFILTRATION]: The skill performs broad data exposure by backing up entire databases and the server's configuration directories into the /root/ directory, making sensitive data vulnerable to unauthorized local access.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from Nginx, Apache, and MySQL logs. Ingestion points: /var/log/nginx/access.log, /var/log/apache2/error.log, /var/log/mysql/slow.log. Boundary markers: Absent. Capability inventory: Service restarts, configuration file modification, and cron job creation. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 26, 2026, 02:55 AM