bknd-registration
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): Automated scans (URLite) identified the URL api.auth.re as malicious. This domain is linked to the authentication and registration services referenced in the skill's context.
- [DATA_EXFILTRATION] (HIGH): The skill facilitates the collection of sensitive user credentials. Given the presence of a blacklisted URL, the use of methods like api.auth.register creates a high risk of direct credential exfiltration to malicious actors.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill guides developers in implementing authentication flows that handle plaintext passwords at the application layer. While hashing is recommended in notes, the lack of verified secure transmission to the identified malicious host increases the risk level.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill exposes a surface for processing untrusted external data during the registration process. 1. Ingestion points: email and password state variables in the RegisterForm component (SKILL.md). 2. Boundary markers: Absent; no delimiters are used to separate user-provided input from application logic. 3. Capability inventory: api.auth.register for network communication and api.data.updateOne for database modifications (SKILL.md). 4. Sanitization: Minimal client-side checks for password length and confirmed matching.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata