content-planner
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The instruction to run
export $(cat .env | grep -v '^#' | xargs)is a significant security risk. It forces the agent to load every secret stored in the.envfile into the shell environment, making those credentials (e.g., APIFY_TOKEN, TUBELAB_API_KEY) available to any subprocess or potential attacker who can inspect the environment. - COMMAND_EXECUTION (MEDIUM): The skill uses direct shell execution to manage environment variables and the local filesystem, which can be a vector for exploitation if environment paths are compromised.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it aggregates data from public platforms (X, TikTok, etc.) to generate its output. 1. Ingestion points: Step 4 reads external research data from
outliers.jsonandvideo-analysis.json. 2. Boundary markers: None; the logic does not employ delimiters to separate untrusted content from the system instructions. 3. Capability inventory: The agent has the ability to execute shell commands and write files. 4. Sanitization: None; data from external platforms is interpolated directly into templates without escaping or validation.
Recommendations
- AI detected serious security threats
Audit Metadata