credentials

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: CRITICAL
CREDENTIALS_UNSAFE DATA_EXFILTRATION COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (CRITICAL): The skill reads sensitive local files and transmits the content to external endpoints. Evidence: The skill specifically targets paths like ~/.secrets/keys.txt and ~/.credentials.txt. Evidence: It uses curl to send extracted secrets (like OPENAI_API_KEY) to external APIs that are not on the permitted whitelist.
  • [CREDENTIALS_UNSAFE] (HIGH): The skill is designed to harvest high-value production secrets, including AWS Access Keys (AKIA*), Stripe Live Keys (sk_live_*), and GitHub Personal Access Tokens (ghp_*).
  • [COMMAND_EXECUTION] (HIGH): Executes shell commands (curl, cat) using unvalidated data extracted from user-provided files, presenting a critical risk of command injection.
  • [INDIRECT PROMPT_INJECTION] (HIGH): The skill ingests untrusted data and uses it in sensitive operations without sanitization.
    1. Ingestion points: File reading logic in SKILL.md.
    2. Boundary markers: Absent.
    3. Capability inventory: curl network requests and cat file writes in SKILL.md.
    4. Sanitization: Absent. No escaping or validation is performed before data is interpolated into shell blocks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 15, 2026, 10:36 PM