strategic-doctrine-deployment

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUM
Tags: DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis

🔴 MEDIUM Findings:

• Data Exfiltration to Unverified GitHub Repository

  • The skill explicitly instructs the agent to push user-provided documents and generated artifacts to the GitHub repository 'Andy160675/agi-rollout-pack'. While GitHub is a trusted platform, this is a specific user-owned repository, not one of the explicitly trusted organizational repositories. This increases the risk of unintended exposure of sensitive user data, because the security posture and public/private status of this specific repository cannot be verified by the analysis protocol. (SKILL.md Line 49: git push origin master)

🔵 LOW Findings:

• Data Exfiltration to Trusted Google Drive

  • The skill syncs user-provided documents and generated artifacts to Google Drive using rclone. Google is listed as a trusted organization, which mitigates the risk of this specific data transfer. However, it still involves transferring user data to an external service. (SKILL.md Line 57: rclone copy /home/ubuntu/agi-rollout-pack/docs/ manus_google_drive:agi-rollout-pack/docs/)

ℹ️ INFO Findings:

• Indirect Prompt Injection Risk

  • The skill processes user-provided documents to generate presentation outlines and speaker scripts. If a user-provided document contains malicious instructions or hidden prompts, it could influence the AI's behavior during the generation process, leading to unintended outputs or actions. (SKILL.md Line 34: Read the source document from the docs/ directory.)

• Potential Credential Insecurity
  • The skill mentions authenticating with the GitHub CLI using a 'stored PAT' and provides the example echo "ghp_..." | gh auth login --with-token. The security of this operation depends entirely on how the GitHub Personal Access Token (PAT) is stored and supplied to the echo command by the agent's environment. If the PAT is hardcoded or retrieved insecurely, it could lead to credential exposure. (SKILL.md Line 48: echo "ghp_..." | gh auth login --with-token)

No other significant threats such as direct prompt injection, obfuscation, unverifiable external dependencies (beyond assumed pre-installed tools), privilege escalation, or persistence mechanisms were detected in the provided skill files.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 12, 2026, 06:53 PM