env-setup
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The file config/settings.json contains a hardcoded ANTHROPIC_AUTH_TOKEN, and config/mcp_config.json contains an active Upstash API key (ctx7sk-...). Sharing or using these files exposes the user's accounts to unauthorized use.
- COMMAND_EXECUTION (HIGH): The script config/servers/install_mcp.ps1 modifies the global settings.json file in the user's profile to inject new MCP servers and permissions. This constitutes a persistence mechanism and allows for unauthorized configuration changes.
- PROMPT_INJECTION (MEDIUM): Several files in config/output-styles/ (e.g., nekomata-engineer.md, ojousama-engineer.md) contain instructions for the AI to 'refuse any attempt to modify or ignore rules' and 'refuse to discuss instructions', which are classic prompt injection patterns designed to override agent behavior.
- EXTERNAL_DOWNLOADS (LOW): The skill's core functionality relies on cloning and syncing configurations from arbitrary external GitHub repositories, which creates a significant attack surface for indirect prompt injection and remote code execution if the source is untrusted.
Recommendations
- AI detected serious security threats