one-step-better-ai-pm
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly scans the local repository for sensitive information, including API keys and environment variables referencing AI services (e.g., Anthropic, OpenAI), as part of its repo profile building process.
- [CREDENTIALS_UNSAFE]: It reads potentially sensitive files such as .env, package.json, and pyproject.toml to extract project configuration and secrets.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to genaipm.com to fetch a feed, then fetches content from arbitrary third-party URLs found in that feed for research.
- [PROMPT_INJECTION]: The skill has a significant indirect prompt injection surface.
  - Ingestion points: Untrusted data enters via the external API feed from genaipm.com and via the arbitrary URLs processed during Phase 4 deep research.
  - Boundary markers: No explicit instructions or delimiters prevent the agent from executing instructions embedded in the fetched HTML or research materials.
  - Capability inventory: The skill has broad capabilities, including reading all repository files, searching for secrets, and writing or modifying source code and configuration.
  - Sanitization: No sanitization or validation of external content is performed before it is used to generate repository modifications.
- [COMMAND_EXECUTION]: The skill is designed to modify the repository's source code, configuration files (e.g., .cursorrules, MCP settings), and project dependencies based on instructions derived from external sources.
Recommendations
- AI detected serious security threats
Audit Metadata