totp
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages Two-Factor Authentication (2FA) / TOTP secrets but does not treat them as credentials. The instructions in SKILL.md explicitly require the agent to show the user the raw Base32 secret key (translated from the Chinese: "when showing it to the user, you must include... the Base32 key"). Displaying a root secret in a chat interface exposes it in plain text to anyone who can read the conversation history or logs, and unlike the six-digit codes derived from it, a TOTP seed stays valid until the account owner rotates it. In addition, the script scripts/totp_manager.py stores all 2FA keys in a single unencrypted JSON file at ~/.totp_secrets.json.
- [COMMAND_EXECUTION]: The integration instructions for bash_tool use command templates that are open to shell injection. In SKILL.md, the standard workflow builds commands such as python3 scripts/totp_manager.py create "<account name>". There is no evidence that the user-provided string is validated or quoted before it is interpolated into the command passed to the bash tool. Because the value sits inside a double-quoted shell argument, an account name containing a closing double quote followed by ';' or '&', or a $(...) or backtick substitution, ends the argument and runs attacker-chosen commands in the agent's shell.
- [PROMPT_INJECTION]: The skill uses authoritative language to override agent behaviour and safety filters. The description states that the agent "must use this skill" (translated from the Chinese) for any related request, which is an attempt to force the agent to bypass its normal intent-recognition logic.
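To make the COMMAND_EXECUTION finding concrete, the following added example (written for this page; it is not part of the audit output or of the skill's own code) rebuilds the SKILL.md command template in Python, tokenizes the result the way a POSIX shell would, and contrasts it with a template that quotes the account name with shlex.quote. UNSAFE_TEMPLATE is the SKILL.md command with the <account name> placeholder turned into a format field; BENIGN_NAME and MALICIOUS_NAME are constructed inputs. The totp_manager.py script is never executed, so the example runs anywhere Python does.

```python
import shlex

# The command template SKILL.md asks the agent to fill in: the account name
# is dropped into a double-quoted shell argument.
UNSAFE_TEMPLATE = 'python3 scripts/totp_manager.py create "{account}"'

# Constructed inputs for the demonstration.
BENIGN_NAME = "GitHub (work)"
# A name that closes the double quote and appends two more shell commands.
MALICIOUS_NAME = 'x"; echo INJECTED; echo "'

# Tokens that separate simple commands in a POSIX shell.
SEPARATORS = {";", "&", "&&", "|", "||"}


def unsafe_command(account: str) -> str:
    """Interpolate the name exactly as the SKILL.md workflow does."""
    return UNSAFE_TEMPLATE.format(account=account)


def safe_command(account: str) -> str:
    """Same command, but the name is quoted for the shell first.

    shlex.quote wraps the value in single quotes (escaping any embedded
    single quote), so nothing in it can end the argument or start a
    command substitution.
    """
    return f"python3 scripts/totp_manager.py create {shlex.quote(account)}"


def shell_commands(command: str) -> list[list[str]]:
    """Split a command line into the simple commands a POSIX shell would run.

    punctuation_chars=True makes ; & | tokens of their own when they appear
    outside quotes, which is exactly the breakout an injected name relies on.
    Quoted text stays inside its word, as it would for the real shell.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands: list[list[str]] = []
    current: list[str] = []
    for token in lexer:
        if token in SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def injected_commands(account: str) -> list[list[str]]:
    """Commands the unsafe template would run beyond the intended one."""
    return shell_commands(unsafe_command(account))[1:]


if __name__ == "__main__":
    for name in (BENIGN_NAME, MALICIOUS_NAME):
        print(f"account name = {name!r}")
        print("  unsafe template runs:", shell_commands(unsafe_command(name)))
        print("  quoted template runs:", shell_commands(safe_command(name)))
```

With the benign name both templates yield one command. With the malicious name the unsafe template yields three (the totp_manager call plus two injected echo commands), while the quoted template yields one command whose last argument is the whole hostile string. Quoting is only needed because bash_tool takes a single command string; a tool that accepts an argument list should be given ["python3", "scripts/totp_manager.py", "create", account] so no shell parses the name at all.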
Recommendations
- AI detected serious security threats
Audit Metadata