privacy-auditor

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill searches for files that typically contain authentication secrets, private keys, and environment variables.
      • Evidence: Scanning for patterns like *.pem, *.key, *.env, credentials*, id_rsa, and id_ed25519 using find in SKILL.md.
  • [COMMAND_EXECUTION]: Executes shell commands to access sensitive application data and system history.
      • Evidence: Queries Chrome and Firefox cookie/history databases and macOS recent documents using du, ls, and stat in SKILL.md.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing untrusted data from the local filesystem.
      • Ingestion points: File names and paths retrieved via find and ls commands in SKILL.md.
      • Boundary markers: Absent; no delimiters distinguish between file names and system instructions.
      • Capability inventory: Shell command execution (bash) used for risk reporting.
      • Sanitization: Absent; no evidence of escaping or validating file-system output before it enters the agent context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 04:20 PM