models-config
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The file SKILL.md contains a hardcoded Anthropic API key (sk-XvsJhNdiXcDYA3e5hzD1AJP5ploMAaFuMTUxp3bHRfCiZRNt). Storing plaintext secrets in skill documentation is a high-risk practice that can lead to unauthorized access.
- [EXTERNAL_DOWNLOADS]: The script update-prices.ts fetches JSON data from an external, non-whitelisted domain (https://models.dev/api.json). This external data is used to programmatically modify local configuration files.
- [COMMAND_EXECUTION]: The skill documentation provides shell snippets and a testing script (test-model.sh) that use curl to send sensitive API keys to various external endpoints (api.xairouter.com, api.example.com). This pattern encourages the transmission of credentials to third-party services.
- [DATA_EXFILTRATION]: The skill interacts directly with ~/.pi/agent/models.json, a configuration file used to store provider base URLs and API keys. While the primary function is updating price metadata, the ability to read and rewrite this sensitive file provides a surface for credential exposure or configuration hijacking.
Recommendations
- AI detected serious security threats
Audit Metadata