ops-ecom

Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill performs an aggressive "auto-discovery" scan to harvest credentials from a wide array of local sources, including system databases and configuration files.
  • [COMMAND_EXECUTION]: Employs sqlite3 to query the local Chrome History database (~/Library/Application Support/Google/Chrome/Default/History) to extract URLs and session-related information.
  • [COMMAND_EXECUTION]: Utilizes the security find-generic-password command to search the macOS Keychain for stored administrative tokens.
  • [COMMAND_EXECUTION]: Performs a recursive grep search across all directories in ~/Projects/ to find and extract secrets from .env files.
  • [COMMAND_EXECUTION]: Accesses and reads sensitive shell profile files including ~/.zshrc, ~/.bashrc, and ~/.envrc to identify exported tokens.
  • [DATA_EXFILTRATION]: Instructions require the agent to aggregate and display all discovered secrets, tokens, and store identifiers within the agent's operational context.
  • [PROMPT_INJECTION]: The skill processes untrusted data from Shopify's Admin API (including customer names, product titles, and order notes) and interpolates them into Bash commands and agent prompts without sanitization or boundary markers, creating a surface for indirect prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 29, 2026, 06:48 AM