env-management

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill uses curl to retrieve content from an untrusted external domain (fullstackrecipes.com). This domain is not part of the defined trusted sources list and could serve malicious content.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to fetch and complete 'recipes' from a remote API. This creates a direct path for the remote server to provide malicious instructions or shell commands that the agent would then execute in the user's environment.
  • [DATA_EXFILTRATION] (MEDIUM): The skill is designed to manage sensitive environment variables. Fetching external content while contextually handling secrets increases the risk of accidental exposure or intentional exfiltration of API keys and credentials.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:34 PM