story

Fail

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: In Phase 3, the skill commands the agent to extract a GitHub token and write it to ~/.git-credentials in plaintext. This exposes the authentication token to any process or user with access to the filesystem.
  • [COMMAND_EXECUTION]: The skill modifies the system's global git configuration to use credential.helper store, which is an insecure method of persisting credentials that affects all git operations on the host.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from HTML style files and user arguments within subagent prompts without proper sanitization or boundary markers.
  • Ingestion points: styles/{name}.html and user arguments.
  • Boundary markers: None.
  • Capability inventory: File writes, git commands, and subagent invocation.
  • Sanitization: None.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 3, 2026, 07:08 AM