Skills
skills/ggprompts/htmlstyleguides/styleguide/Gen Agent Trust Hub

styleguide

Fail

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands in Phase 3 to configure Git and push changes. It specifically uses command substitution $(gh auth token --user GGPrompts) to retrieve a live authentication token and pipe it into a local file.
  • [CREDENTIALS_UNSAFE]: The instruction git config --global credential.helper store combined with echo ... > ~/.git-credentials causes the agent to store GitHub credentials in an unencrypted plain-text file on the disk. This is a dangerous practice as any other process or user with access to the filesystem can retrieve the token.
  • [DATA_EXPOSURE]: The skill explicitly targets and modifies ~/.git-credentials, which is a sensitive file path used for long-term storage of authentication secrets.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 3, 2026, 07:07 AM