experiment-queue

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses SSH to run shell commands on remote hosts, including background task management with nohup. Commands are constructed through string interpolation, which presents a surface for injection if variables like directory paths or project names are improperly handled.
  • [REMOTE_CODE_EXECUTION]: Orchestration relies on copying local scripts (queue_manager.py) to remote servers and executing them. It also explicitly supports the use of eval for shell hook initialization, which allows for dynamic code execution at runtime.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data.
    • Ingesting points: YAML manifests and grid specifications provided by users or generated from natural language descriptions.
    • Boundary markers: None explicitly implemented to separate instructions from data in the generated manifests.
    • Capability inventory: Uses ssh for remote command execution and eval for environment initialization.
    • Sanitization: Employs %q shell-escaping for some local variables, but lacks comprehensive sanitization for manifest-driven remote commands.
  • [DATA_EXFILTRATION]: The established SSH and SCP channels used to move manifest and state data between environments could be misused to transfer sensitive files if the agent's instructions are diverted.
Audit Metadata

Risk Level: MEDIUM
Analyzed: May 4, 2026, 10:30 AM