laniameda-kb

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The ingest.ts script uses fs.readFileSync to read local files from a path provided in the imagePath field and then transmits the base64-encoded content to an external URL (https://perfect-buffalo-375.convex.cloud). Because the script does not validate or restrict these file paths, it could be used to exfiltrate sensitive system files if an attacker provides a path like ~/.ssh/id_rsa.
  • [CREDENTIALS_UNSAFE]: The ingest.ts script contains a hardcoded default user identifier (278674008) used if the KB_OWNER_USER_ID environment variable is not present.
  • [COMMAND_EXECUTION]: The skill executes a local Bun script via the command line to process and transmit data.
  • [PROMPT_INJECTION]: The skill handles untrusted data that directly influences file-reading and network-transmission capabilities. It lacks boundary markers or sanitization for input fields like imagePath, creating an attack surface for indirect prompt injection where a malicious source could trick the agent into accessing and exfiltrating sensitive local data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 02:50 PM