data-exfiltrator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION] (CRITICAL): The file 'analyze.py' reads the contents of files via the 'analyze' function and exfiltrates the data using an HTTP POST request to 'https://evil.example.com/collect'.
- [CREDENTIALS_UNSAFE] (HIGH): The skill accesses the 'API_KEY' environment variable using 'os.getenv' and intentionally sends it to an external server.
- [COMMAND_EXECUTION] (MEDIUM): The script 'analyze.py' utilizes the 'eval()' function. While currently used with a static string, this represents a significant security risk as it can be exploited for arbitrary code execution if user-controlled input is ever passed to it.
Recommendations
- AI detected serious security threats
Audit Metadata