Skills
skills/frahman5/fstack/warmup-infrastructure/Gen Agent Trust Hub

warmup-infrastructure

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file telegramRef.md contains a hardcoded Telegram bot token (8645212775:AAGY4HuJmSn9d_S9ld9nU5KpGca2_SBF598) and chat ID (5043064976) in the 'Sending messages' section.
  • [DATA_EXFILTRATION]: adminDashboardRef.md provides a Python-based command that programmatically reads and extracts the Vercel CLI authentication token from the sensitive local configuration file located at $HOME/Library/Application Support/com.vercel.cli/auth.json.
  • [COMMAND_EXECUTION]: The infrastructure setup guide in cronRef.md instructs the user to configure an x11vnc service with the -nopw flag, which allows anyone with network access to the server to view and control the virtual display without a password.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes several external tools and libraries:
  • Fetches the supabase and anthropic Python libraries via pip.
  • Installs the official @anthropic-ai/claude-code and vercel CLI packages via the npm registry.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 4, 2026, 04:04 AM