validate
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes instructions that compromise credential security by printing them to the console.
  - It executes `env | grep -E "(API_KEY|API_TOKEN|LANGSMITH|OPENAI)"` to display active environment secrets.
  - It executes `cat backend/.env | grep -E "^[A-Z_]*API"`, which reads sensitive configuration files and filters for API keys to be displayed in the output.
- [REMOTE_CODE_EXECUTION]: The skill contains a high-risk command sequence in section 5: `curl -s http://localhost:8123/ | python3 -m json.tool`. Piping network-delivered content directly into a language interpreter (Python) is a significant security risk if the server's output is compromised or manipulated, and this specific pattern was flagged by automated security scanners as an untrusted RCE vector.
- [DATA_EXFILTRATION]: By intentionally printing secrets to the standard output, the skill facilitates the movement of sensitive data (API keys, tokens) into the agent's conversation logs and potentially to the upstream LLM provider's infrastructure.
- [COMMAND_EXECUTION]: The skill makes extensive use of powerful shell commands and subprocesses (`uv run`, `pytest`, `uvicorn`, `kill -9`, and complex `grep`/`sed` loops). While standard for CI/CD tasks, these capabilities provide a broad attack surface if the project being validated contains malicious scripts or configurations.
Recommendations
- HIGH: Downloads and executes remote code from: http://localhost:8123/ - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata