setup-coordinator
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses and manages sensitive local files such as `.secrets.yaml` and explicitly instructs the agent to print environment variables and database connection settings (e.g., via `get_mcp_env`), which can expose credentials like `COORDINATION_API_KEY` in the interaction history.
- [COMMAND_EXECUTION]: The skill makes extensive use of `python3 -c` to execute dynamic Python snippets for Docker container management and configuration loading, and it uses shell commands to manipulate the local filesystem and environment state.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `curl` to perform network requests to external services like Railway and example.com for health checks and connectivity verification.
Recommendations
- AI detected serious security threats
Audit Metadata