cox
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The file assets/docker_compose/docker-compose.yml contains hardcoded default administrative credentials (admin/admin) for the Grafana service. If the service is reachable, these well-known defaults create a significant risk of unauthorized access.
- EXTERNAL_DOWNLOADS (MEDIUM): The deployment instructions require installing the 'flask' package and pulling multiple Docker images tagged 'latest' from Docker Hub. Because neither the package nor the images are pinned to a verifiable version or digest, their contents may change or introduce vulnerabilities without notice.
- PROMPT_INJECTION (MEDIUM): The skill has an indirect prompt injection surface, because user feedback is allowed to influence project state files.
  - Ingestion points: User feedback descriptions and 'has_issue' markers provided in dialogue (referenced in agent_workflows.md).
  - Boundary markers: None found; user feedback is processed directly and recorded into system files.
  - Capability inventory: Local scripts such as scripts/collect_data.py modify project_data.json and app_status.json based on this feedback.
  - Sanitization: The provided scripts perform basic JSON loading but do not sanitize or validate the content of user-provided feedback strings.
- COMMAND_EXECUTION (MEDIUM): scripts/store_to_skill_manager.py calls sys.path.insert to modify the module search path at runtime and load dependencies from relative directories. A module placed in one of those directories would be imported in preference to the intended one, so this could be exploited for local library injection.
Recommendations
- AI detected serious security threats
Audit Metadata