community-campaign-builder
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill relies on multiple external Python scripts (whatsapp_search.py, nas_secrets.py) that are not included in the provided source code. Executing these scripts via Bash tools presents a high risk as their internal logic is unverified.
- [CREDENTIALS_UNSAFE] (HIGH): The documentation explicitly instructs the user to export GH_TOKEN to the environment and pass sensitive tokens as command-line arguments to nas_secrets.py. This is a dangerous pattern that can lead to credential exposure in shell history, process listings, or logs.
- [DATA_EXFILTRATION] (MEDIUM): The skill is designed to collect private messages and emails into markdown files and then 'push' them to a remote Git repository. While this aligns with the stated purpose of 'intelligence gathering,' it automates the exfiltration of potentially sensitive personal data to the cloud.
- [INDIRECT_PROMPT_INJECTION] (LOW): The scripts/gather_intel.py file ingests untrusted data from WhatsApp and news sources to build a candidate profile.
  - Ingestion points: add_whatsapp_intel and add_news_intel in scripts/gather_intel.py.
  - Boundary markers: None; the data is directly appended to JSON/Markdown structures.
  - Capability inventory: File writing (Markdown/JSON), subprocess execution for Git and distribution scripts.
  - Sanitization: No sanitization or escaping of external content is performed before storage or report generation.
Recommendations
- AI detected serious security threats
Audit Metadata