nftables-rule-writing
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform various system operations using powerful command-line utilities to manage firewall states and persistence.
  - Recommended commands include `nft` (with flags for check, apply, and list), `systemctl` (for status, cat, and dependency analysis), `journalctl` (for log monitoring), and `ripgrep` (`rg`) for recursive system directory searches.
  - Evidence: Found throughout operational guides, specifically in `references/nftables-ops-cheatsheet.md` and `references/debug-workflow.md`.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because its core workflow involves the ingestion and analysis of external data that may contain malicious instructions.
  - Ingestion points: The agent is tasked with reviewing, linting, and debugging ruleset snippets or `.nft` files provided by users or other automated agents (identified in `SKILL.md` and `references/debug-workflow.md`).
  - Boundary markers: The provided instructions do not specify the use of delimiters or specific warning prompts to prevent the agent from being influenced by instructions embedded within the firewall rulesets under review.
  - Capability inventory: The skill is equipped with capabilities to execute system commands (`nft -f`), read service configurations (`systemctl cat`), and perform broad file system searches (`rg`), which could be misdirected by a successful injection (documented in `references/nftables-ops-cheatsheet.md`).
  - Sanitization: There is no evidence of automated validation, sanitization, or filtering of the input ruleset content before the agent processes and acts upon it.