agno
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation contains multiple code examples with hardcoded database credentials.
  - Evidence found in SKILL.md: db_url="postgresql://user:pass@localhost:5432/agno".
  - Evidence found in references/integration.md: db_url="postgresql+psycopg://ai:ai@localhost:5532/ai" and db_url="postgresql+psycopg://user:pass@localhost:5432/db".
  - Evidence of AWS account metadata leakage in references/agentos.md: load_balancer_certificate_arn="arn:aws:acm:us-east-1:497891874516:certificate/..." revealing account ID 497891874516.
- [REMOTE_CODE_EXECUTION]: The documentation promotes and provides examples for executing remote code from unverified sources using package runners.
  - Examples in SKILL.md and references/agentos.md show the use of npx -y @openbnb/mcp-server-airbnb and uvx mcp-server-git to run Model Context Protocol (MCP) servers.
  - While some sources like Google and the Model Context Protocol organization are well-known, others like openbnb are third-party and unverifiable.
- [COMMAND_EXECUTION]: The framework described in the documentation provides first-class support for tools that execute arbitrary shell commands on the host system.
  - The documentation in references/index.md and SKILL.md references the use of ShellTools and MCPTools, which leverage subprocess execution to interact with local systems.
- [NO_CODE]: The skill consists entirely of documentation and reference files (markdown) and does not contain any directly executable Python or JavaScript files.
Recommendations
- AI detected serious security threats
Audit Metadata