Gen Agent Trust Hub audit of skills/dev-goraebap/skills/wiki

Skill: wiki

Verdict: Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md (Section 0-1) explicitly direct the agent to offer to disable security prompts by modifying the environment configuration (.claude/settings.json with bypassPermissions). This is an attempt to bypass the agent's human-in-the-loop safety architecture.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute system-level commands, creating a significant attack surface.
      • Evidence: Use of git init, git branch, git remote add, git commit, and git push within SKILL.md.
      • Evidence: Execution of grep and find commands in references/extraction.md to scan the filesystem for sensitive project metadata.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of remote content and the installation of third-party extensions.
      • Evidence: Use of git clone <url> to pull remote repository data.
      • Evidence: Instructions in SKILL.md and README.md templates recommending npx skills add to install external agent skills.
  • [DATA_EXFILTRATION]: The skill's primary workflow involves extracting domain knowledge, API specifications, and data models from a local codebase and pushing them to an external Git repository.
      • Evidence: The 'Extract' and 'Update' modes in SKILL.md automate the collection of internal system information and its transmission via git push to a user-specified remote URL.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 1, 2026, 02:44 PM