security-audit
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH (NO_CODE, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [NO_CODE] (HIGH): The referenced core script 'scripts/audit.cjs' is not present in the package, meaning the actual logic executed by the agent cannot be audited for malicious behavior.
- [CREDENTIALS_UNSAFE] (HIGH): The skill claims to search for API keys in environment files and tokens in command history, which are the most sensitive areas of a developer system.
- [COMMAND_EXECUTION] (HIGH): The documentation describes 'Auto-fix' capabilities that modify system-level file permissions and configurations, requiring elevated privileges.
- [DATA_EXFILTRATION] (MEDIUM): The stated intent to identify, aggregate, and report on found credentials creates a high-risk surface for potential data exfiltration by unverified logic.
Recommendations
- AI detected serious security threats
Audit Metadata