Skills
skills/family3253/skill/task-status/Gen Agent Trust Hub

task-status

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Hardcoded Telegram user ID 7590912486 is set as the default target for status messages in scripts/send_status.py, scripts/send_status_websocket.py, and scripts/send_status_with_logging.py.- [COMMAND_EXECUTION]: The skill uses subprocess.run to execute the clawdbot CLI tool as a fallback mechanism for sending messages in scripts/send_status.py and scripts/send_status_with_logging.py.- [PROMPT_INJECTION]: Instructions in SKILL.md suggest the agent use a cron module to programmatically schedule tasks, which can lead to unauthorized persistent behavior.- [DATA_EXFILTRATION]: Multiple files, including scripts/monitor_task.py and scripts/send_status_with_logging.py, contain hardcoded absolute system paths (e.g., C:\Users\Luffy\...), exposing local user and directory structures.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 15, 2026, 08:18 AM