oauth-client-setup
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to process external OAuth configuration data while having access to high-privilege tools. • Ingestion points: Triggered by requests for OAuth setup, which likely involve reading external API specifications or configuration files. • Boundary markers: None specified in the SKILL.md to delimit external content. • Capability inventory: Requests access to Bash, Write, Edit, and Read tools. • Sanitization: No validation logic is defined to mitigate malicious instructions in the configuration data.
- COMMAND_EXECUTION (LOW): The skill requests access to the Bash tool. While expected for automated setup tasks, this grants system-level access that could be abused if the agent's reasoning is compromised by indirect injection.
Audit Metadata