api-key-auth-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to handle sensitive authentication setups and requests high-privilege tool access including Bash(curl:) and Write. This configuration is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: User-provided setup requests and API patterns referenced in the metadata. 2. Boundary markers: Absent. There are no instructions to isolate or delimit untrusted input. 3. Capability inventory: Bash(curl:) (Network/Execution), Write/Edit (File System), Read/Grep (Data Access). 4. Sanitization: Absent. No logic exists to filter or validate input before tool execution.
- [Command Execution] (MEDIUM): The skill explicitly requests Bash(curl:) permissions. While intended for API development, the use of wildcard curl: allows for arbitrary network operations, posing a significant risk of data exfiltration or SSRF if the agent's logic is subverted by malicious input.
Recommendations
- AI detected serious security threats
Audit Metadata