setup
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill documentation describes functionality to list and display environment variables and provide copy-paste export commands.
- Evidence: The
/setup envcommand is described as 'List all environment variables and their status' and the guide states it 'Provides exact export commands to copy-paste'. - Risk: In an agent environment, variables like 'ETH_PRIVATE_KEY' or 'OPENAI_API_KEY' are frequently used. Listing these in the UI creates a risk of sensitive data exposure in chat logs or during active sessions. The severity is set to MEDIUM rather than HIGH because this is the primary declared purpose of the skill.
Audit Metadata