doc-smith-clear
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill accesses and clears sensitive information from the system keyring (service: aigne-doc-smith-publish) and from a local configuration file (~/.aigne/doc-smith-connected.yaml). Unauthorized or accidental invocation could result in the loss of critical authentication tokens.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection. It processes site hostnames derived from user input or conversation context and passes them directly to shell-executed scripts.
  - Ingestion points: site hostnames extracted from the conversation or user messages (e.g., the argument to the clear-auth.mjs command).
  - Boundary markers: none are present in the instructions to stop the agent from being misled by a malicious site name (e.g., one containing shell metacharacters).
  - Capability inventory: executes local Node.js scripts via child_process (implied by the node command) that modify system-wide and local security settings.
  - Sanitization: the skill description contains no requirement for, or evidence of, input validation, so a malicious hostname can turn into a command injection.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses the node command to run local maintenance scripts with dynamic arguments. If the underlying scripts do not strictly validate the supplied site hostname, this allows argument injection.
Recommendations
- AI detected serious security threats
Audit Metadata