autoteam-chatgpt-rotation
Fail
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the complete project source code and dependencies from third-party GitHub repositories (github.com/cnitlrt/AutoTeam and github.com/router-for-me/CLIProxyAPI).
- [REMOTE_CODE_EXECUTION]: It instructs the user to execute a shell script (bash setup.sh) directly from the downloaded unverified repository, which constitutes remote code execution from an unknown source.
- [COMMAND_EXECUTION]: The skill relies on executing various system-level shell commands via the uv package manager and docker compose to deploy services, manage browsers via Playwright, and perform account management tasks.
- [CREDENTIALS_UNSAFE]: The tool manages highly sensitive information including ChatGPT Team administrator credentials, multiple API keys (CloudMail, CPA, AutoTeam), and session authentication files. It includes logic to synchronize these credentials and authentication states with an external API endpoint.
Recommendations
- AI detected serious security threats
Audit Metadata