photographer-testino

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH | DATA_EXFILTRATION | CREDENTIALS_UNSAFE
Full Analysis
  • DATA_EXFILTRATION (HIGH): The files scripts/credentials.example.json and scripts/fal_utils.py contain literal path traversal sequences (../../../). These patterns are frequently used in 'Zip Slip' or directory traversal attacks to escape the skill's sandbox and read or overwrite sensitive host files.
  • CREDENTIALS_UNSAFE (MEDIUM): The documentation instructs users to store sensitive API keys in scripts/credentials.json. Combined with the traversal markers in the example file, this creates a high risk of credential exposure if an agent or tool resolves the malicious paths.
  • EXTERNAL_DOWNLOADS (SAFE): The skill requires the fal-client Python package, which is a standard library for the fal.ai service and is considered safe when installed from official repositories.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 18, 2026, 01:52 PM