health-checks

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION)
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): Information Leakage via Raw Error Messages. Both the TypeScript and Python implementations capture exceptions from internal services (databases, file systems, APIs) and return the raw error message to the client in the JSON response body.
  • Evidence (TypeScript): In health-service.ts, the catch block assigns message: (error as Error).message to the public response.
  • Evidence (Python): In health_service.py, the except block assigns "message": str(e) to the public response.
  • Impact: An attacker can use these messages to map internal file paths, database schemas, or dependency versions when a service is failing.
  • [DATA_EXFILTRATION] (LOW): Metadata Exposure. The skill explicitly includes application versioning in the public health status output.
  • Evidence: version: process.env.APP_VERSION is included in the getDetailedStatus return object.
  • Impact: Exposing specific software versions facilitates targeted attacks using known vulnerabilities for that version.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 11:30 PM