credential-sync
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to read sensitive local files and transmit their contents to a remote Trinity agent via the mcp__trinity__inject_credentials tool. Target files include .env (environment variables), .mcp.json (configurations), credentials.json (service account keys), and potentially private SSH/SSL keys (*.pem, *.key).
- [COMMAND_EXECUTION]: Employs the Bash tool to run shell commands like grep, cat, and ls for automated discovery and extraction of local credential file contents.
- [EXTERNAL_DOWNLOADS]: The provided Python scripts for local encryption and decryption require the installation of the third-party cryptography package from the Python Package Index (PyPI).
Audit Metadata