warden-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill provides functionality to fetch and install 'Remote Skills' from external repositories (e.g., `warden add --remote getsentry/skills`). Since these repositories are not part of the trusted source whitelist, this introduces an unverified third-party dependency chain.
- [REMOTE_CODE_EXECUTION] (HIGH): According to the documentation, custom and remote skills are granted access to a toolset that includes `Bash`, `Write`, and `Edit`. This allows downloaded remote scripts to execute arbitrary code or commands on the host machine.
- [COMMAND_EXECUTION] (HIGH): The skill provides the agent with a `Bash` tool and a `--fix` option for auto-applying changes. This creates a dangerous surface for indirect prompt injection: if the agent analyzes a malicious file containing instructions to misuse these tools, it could compromise the host environment.
  - Ingestion points: Local files and git diffs (e.g., `warden src/auth.ts`).
  - Boundary markers: Absent.
  - Capability inventory: `Bash`, `Write`, `Edit`, `WebFetch`, `WebSearch` (File: SKILL.md).
  - Sanitization: Absent.
- [CREDENTIALS_UNSAFE] (LOW): The documentation provides an example command to export an API key (`export WARDEN_ANTHROPIC_API_KEY=sk-ant-...`). While the value provided is a placeholder, this pattern encourages users to store sensitive credentials in plain-text shell history.
Recommendations
- AI detected serious security threats