bearer-token-validator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process untrusted external data in a highly sensitive context.
- Ingestion points: Processes user-provided authentication tokens, API configuration files, and source code for 'validation'.
- Boundary markers: None present; the skill lacks delimiters or instructions to ignore embedded commands within processed data.
- Capability inventory: Possesses
Read,Write,Edit, andBash(curl:*)permissions. - Sanitization: No evidence of input validation or output sanitization.
- Risk: An attacker could provide a malicious payload disguised as a token that instructs the agent to read local secrets (e.g.,
~/.aws/credentials) and exfiltrate them using the providedcurltool. - Data Exposure & Exfiltration (MEDIUM): The skill is explicitly granted
Bash(curl:*)access without domain restriction. Given its purpose involves handling 'Bearer Tokens', this authorization is overly permissive and facilitates the silent transmission of credentials to external servers under the guise of validation checks.
Recommendations
- AI detected serious security threats
Audit Metadata