tunnels
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill enables the creation of public tunnels to local network ports. This capability can be used to expose sensitive local services, such as databases or internal admin panels, to the public internet. Although the skill includes warnings against this, the agent could be manipulated into exposing such services.
- [COMMAND_EXECUTION]: The documented workflows utilize shell command substitution (e.g.,
$(...)) and pipe operations withjqto chain commands together. This creates a surface for dynamic command generation where if variables like file paths or labels are influenced by an attacker, it could lead to unintended command execution parameters. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8):
- Ingestion points: The skill ingests data from local file paths and the output of server discovery commands.
- Boundary markers: There are no boundary markers or delimiters used when interpolating variables into commands or messages.
- Capability inventory: The agent can start servers, create public tunnels, and send messages to external channels.
- Sanitization: No sanitization or validation logic is present for the data being passed between the server, tunnel, and messaging components.
Audit Metadata