skills/basedhardware/omi/rotate-key/Gen Agent Trust Hub

rotate-key

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill programmatically extracts the CODEMAGIC_API_TOKEN from the user's shell profile (~/.zshrc) using grep and cut.
  • [COMMAND_EXECUTION]: Employs powerful CLI tools including kubectl, gcloud, and security to modify sensitive infrastructure state, cloud secrets, and the system-level macOS Keychain.
  • [DATA_EXFILTRATION]: Performs broad, recursive searches (grep -r) across the entire project directory to locate and display the names and values of secrets stored in .env, .yaml, and source code files.
  • [COMMAND_EXECUTION]: Uses sed -i to modify local environment files. This pattern is vulnerable to command injection if the new key value contains characters that break the sed delimiter or syntax.
  • [COMMAND_EXECUTION]: Executes dynamic Python snippets via python3 -c to parse and process JSON data retrieved from cloud services and external APIs.
  • [CREDENTIALS_UNSAFE]: Accesses and modifies multiple local .env files, including those in build artifacts and backend directories, which often contain production secrets.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 28, 2026, 02:27 AM