popup-cro
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The SKILL.md file consists of a relative path containing directory traversal characters (../../../). This pattern is a known security risk used to access files outside the intended directory. While the target appears to be another skill manifest, the use of such patterns facilitates unauthorized file system access and violates security boundaries. Mitigation: Ensure all file references are contained within the skill's own directory and avoid use of parent directory traversal characters.
Audit Metadata