template-constructor
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill implements a command `import_templates_from_git` which allows downloading and installing agent templates from arbitrary Git URLs. Since these templates contain Python scripts (`pyscript` connectors), this enables remote code execution if a user is directed to an untrusted repository.
- [COMMAND_EXECUTION] (HIGH): The skill provides end-to-end workflows for creating and executing custom Python logic through connectors (`create-template` and `install-template`). It specifically facilitates the deployment of executable code to local and production environments.
- [CREDENTIALS_UNSAFE] (HIGH): A core feature of the skill is managing the Machina vault (`configure-secrets.md`). It provides commands to create, verify, and delete secrets, including sensitive data like Google Cloud service account JSON and API keys. This high-privilege access is a significant risk if the agent is compromised.
- [DATA_EXPOSURE] (MEDIUM): The `SKILL.md` file reveals hardcoded absolute local paths (`/Users/fernando/machina/...`), which exposes information about the host's directory structure and user environment.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill exhibits an attack surface for indirect injection by ingesting template data from external Git repositories and local files while possessing high-privilege capabilities (file writing, secret management, and code execution).
Recommendations
- AI detected serious security threats
Audit Metadata