NYC

multi-model-writer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill contains the bash command cat .env | grep -E "API_KEY|_KEY", which prints every matching line of the configuration file, secret values included. This instructs the agent to leak credentials into the conversation history, from where they can reach logs, transcripts and any model provider the conversation is sent to.
  • DATA_EXFILTRATION (HIGH): The same command reads a sensitive file path (.env) that holds ANTHROPIC_API_KEY, OPENAI_API_KEY and other provider secrets without any authorization for doing so. This creates a high risk of secret exfiltration.
  • COMMAND_EXECUTION (MEDIUM): The skill requires the installation of Playwright and its browser binaries (playwright install chromium). This involves downloading and executing external binaries which, while from a known source, significantly expands the system's attack surface.
  • PROMPT_INJECTION (LOW): The skill's primary function is to ingest user prompts and route them across multiple models. It lacks explicit instructions to sanitize these prompts before interpolation into API calls.
  • Indirect Prompt Injection (LOW): The skill employs browser automation to scrape external web interfaces (ChatGPT Web, Gemini Web). Content returned by those pages is untrusted input, and nothing in the skill marks it as data rather than instructions before it reaches the agent.
  • Ingestion points: External LLM web interfaces (SKILL.md).
  • Boundary markers: None identified.
  • Capability inventory: API requests to 5+ providers, file system read (cat), and browser automation (SKILL.md).
  • Sanitization: None identified.
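The following script is an added illustration, not part of this audit or of the multi-model-writer skill. It shows what the flagged cat .env | grep command actually emits, a hardened alternative that reports whether each key is set without printing a value, and a small detector of the same command shape for use when reviewing a SKILL.md. The .env contents, the placeholder key values and the function names (leaky_check, safe_check, flags_env_read) are all constructed for the example.

```sh
#!/bin/sh
# Added example; not code from the audit or the skill it describes.
# A constructed .env with placeholder values, written to a temp file so the
# script runs offline. None of these are real keys.
ENV_FILE="$(mktemp)"
cat > "$ENV_FILE" <<'EOF'
ANTHROPIC_API_KEY=sk-ant-placeholder-0000
OPENAI_API_KEY=sk-placeholder-1111
GEMINI_API_KEY=
DATABASE_URL=postgres://user:pw@localhost/db
EOF

# The pattern flagged by the audit. It prints whole lines, so every matching
# secret value lands in the agent's transcript. Kept only to show the leak.
leaky_check() {
    cat "$1" | grep -E "API_KEY|_KEY"
}

# Hardened alternative: for each named key, report "NAME=set" when the file
# has a non-empty value and "NAME=missing" otherwise. Values are never echoed.
safe_check() {
    file="$1"; shift
    for name in "$@"; do
        value="$(grep -E "^${name}=" "$file" | head -n1 | cut -d= -f2-)"
        if [ -n "$value" ]; then
            echo "${name}=set"
        else
            echo "${name}=missing"
        fi
    done
}

# Review helper: exit 0 if a SKILL.md contains a command that reads a .env
# file with cat/grep/awk/sed (the shape of the finding above), 1 otherwise.
flags_env_read() {
    grep -Eq '(cat|grep|awk|sed)[^|;&]*\.env' "$1"
}

# Stand-alone demonstration: the safe form reports presence only.
safe_check "$ENV_FILE" ANTHROPIC_API_KEY OPENAI_API_KEY GEMINI_API_KEY
```

The detector is deliberately narrow: it catches the literal command form seen in this skill, not every way a shell can read a file. Treat a hit as a prompt to read the surrounding instructions, not as the whole review.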
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:16 PM