cyrus-setup-launch

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a 'CRITICAL' instruction directing the agent to ignore standard file-handling tools (Read, Edit, Write) and instead use Bash commands to interact with sensitive configuration files, potentially to bypass platform-level safety monitoring or context logging.
  • [CREDENTIALS_UNSAFE]: The skill accesses ~/.cyrus/.env, which is identified as containing sensitive credentials including ANTHROPIC_API_KEY, SLACK_BOT_TOKEN, and LINEAR_CLIENT_ID.
  • [COMMAND_EXECUTION]: The skill executes commands with sudo privileges to write system-level configuration files to /etc/systemd/system/ and to reload system services using systemctl.
  • [COMMAND_EXECUTION]: Configures persistence mechanisms via systemd and pm2 to ensure the agent's processes are automatically started on boot and maintained in the background.
  • [EXTERNAL_DOWNLOADS]: Performs global installation of external software via npm install -g pm2, which downloads and executes code from the public npm registry.
  • [DATA_EXFILTRATION]: Ingests and processes data from local configuration files (~/.cyrus/config.json) and environment files, creating a surface for potential data exposure if output is echoed or exfiltrated.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 22, 2026, 06:23 AM