basalt-cortex
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to collect and aggregate sensitive information from multiple private sources, including Gmail threads, Slack conversations, and local files. This data is prepared for synchronization with an external domain (basaltcortex.com), which presents a risk of sensitive information disclosure to a third-party service.
- [COMMAND_EXECUTION]: The skill's workflow involves the automated generation and execution of Python scripts (e.g., .jez/scripts/mine-gmail-batch.py) to handle data processing. This dynamic code execution creates a potential attack surface where malicious content within processed communications could influence the generated script's behavior.
- [EXTERNAL_DOWNLOADS]: The instructions refer to the installation and use of external CLI tools and services, such as the basalt-cortex CLI daemon and gws CLI, as well as third-party web scraping platforms like Firecrawl and Playwright to facilitate data ingestion.
- [CREDENTIALS_UNSAFE]: Documentation includes examples of using sensitive authentication tokens (e.g., Slack API tokens) in plain text within shell commands and encourages the use of API keys in environment variables for automated cron jobs, which may lead to credential exposure in system logs or command histories.
Audit Metadata