analyzing-options-flow
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to use the 'Read' tool to load API credentials and exchange secrets from {baseDir}/config/crypto-apis.env. This pattern encourages the exposure of sensitive authentication data to the LLM context.
- [COMMAND_EXECUTION]: The skill utilizes a Bash tool with a wildcard permission Bash(crypto:options-*). This broad authorization allows the execution of any command prefixed with 'crypto:options-', which can be abused to execute unauthorized system operations if the underlying CLI tool is not strictly constrained.
- [DATA_EXFILTRATION]: While no explicit external exfiltration was detected, the combination of reading sensitive .env files and having access to network-capable tools (implied by 'crypto data queries') creates a high-risk surface for potential data exfiltration.
Recommendations
- AI detected serious security threats
Audit Metadata