digisign
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The file references/authentication.md contains realistic hardcoded API credentials including an accessKey (wBzMakF4Cpl7hAt0QtzqRZ3d), a secretKey (yV2ZqHyOmb8xqDe5kSxnyM6d3...), and a functional-looking JWT token. These do not use standard placeholder patterns (e.g., 'YOUR_API_KEY') and represent a high risk of credential exposure.
- [DATA_EXFILTRATION] (HIGH): The scripts/document.py file includes commands cmd_upload and cmd_download that allow reading from and writing to arbitrary file paths provided by the user (or the agent). While these are functional requirements for a document management skill, they serve as powerful primitives for exfiltrating sensitive system files (e.g., SSH keys, environment files) if the agent is manipulated via prompt injection.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: The skill ingests untrusted data through document downloads in scripts/document.py and webhook delivery attempts/test events in scripts/webhook.py.
  - Boundary markers: Not present in the provided script logic; boundary handling is delegated to the missing utils.py module.
  - Capability inventory: The skill possesses capabilities for arbitrary file-system writes (cmd_download), network uploads (cmd_upload), and access to API credentials via scripts/auth.py.
  - Sanitization: There is no evidence of sanitization or safety filtering for the content of processed documents or webhook payloads.
- [EXTERNAL_DOWNLOADS] (SAFE): Network operations are directed towards api.digisign.org and app.digisign.org, which are the legitimate service domains described in the documentation.
Recommendations
- AI detected serious security threats
Audit Metadata