connection-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH [DATA_EXFILTRATION] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill is designed to read sensitive credential files from the 'knowledge/personal/connections/' directory. These files are stated to contain credentials for services including AWS, Slack, and Jira. Accessing these sensitive paths is a high-risk behavior as it creates a centralized point for potential credential exposure and exfiltration.
  • [COMMAND_EXECUTION] (MEDIUM): The skill performs 'Environment Injection' and executes a Node.js script ('scripts/diagnose.cjs'). This provides the capability to modify the execution context and potentially execute arbitrary logic or leak environment state during the connection validation phase.
  • [PROMPT_INJECTION] (LOW): An indirect prompt injection surface exists via the configuration files it processes. (1) Ingestion point: 'knowledge/personal/connections/'. (2) Boundary markers: None mentioned. (3) Capability inventory: Environment injection and script execution via Node.js. (4) Sanitization: None detected beyond structural JSON schema validation, which does not mitigate malicious instructional injection within data fields.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:48 PM