test-staging-branch

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes vercel and gh (GitHub CLI) to automate deployment checks and post results. It also uses chrome_evaluate_script to run custom JavaScript within the browser for extracting data and checking page states.
  • [DATA_EXFILTRATION]: The skill is designed to programmatically read the user's Gmail inbox to capture One-Time Passwords (OTPs). This automated access to sensitive authentication data represents a risk of credential exposure.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection due to the data it processes from external environments.
      • Ingestion points: Vercel deployment logs, email headers and bodies from Gmail, and GitHub PR comments.
      • Boundary markers: No delimiters or isolation techniques are used to separate untrusted external data from the agent's internal instruction set.
      • Capability inventory: The agent has the ability to execute shell commands and control a browser, which could be exploited via malicious input in a deployment log or email.
      • Sanitization: While manual sanitization of reports is encouraged, there is no automated filtering or validation of the data ingested at runtime.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 02:59 AM