api-testing
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: Accesses sensitive credentials from
.cursor/.secrets/to perform Basic and Session authentication. - [DATA_EXFILTRATION]: Stores session tokens in
/tmp/session.txt, a globally accessible location that may expose cookies to other users on the system. - [COMMAND_EXECUTION]: Executes shell scripts using
curlandjqto interact with remote APIs. - [EXTERNAL_DOWNLOADS]: Sources an external script (
../../_shared/load-config.sh) not included in the package, which acts as an unverifiable dependency.
Audit Metadata