Skills
NYC
skills/aidotnet/moyucode/env-manager/Gen Agent Trust Hub

env-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The scripts/env_manager.py script is designed to interact with sensitive files (.env) and system environment variables (os.environ). These sources typically contain API keys, database credentials, and other secrets.
  • [DATA_EXFILTRATION] (HIGH): The get subcommand retrieves and prints the raw, unmasked value of any environment variable. This allows an agent (or an attacker influencing the agent) to extract sensitive credentials and output them to a chat log or other potentially monitored channels.
  • [Metadata Poisoning] (MEDIUM): The SKILL.md file claims the tool supports 'encryption,' yet the provided implementation in scripts/env_manager.py lacks any encryption functionality. This misleading metadata can lead users to believe their secrets are being handled more securely than they actually are.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:33 PM