secondme-init
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly prompts the user for a Client Secret and a Database URL (which typically contains a username and password). These secrets are then written in plain text to .secondme/state.json on the local filesystem.
- [DATA_EXPOSURE] (HIGH): The workflow includes reading and displaying the contents of .secondme/state.json, which contains sensitive credentials. If this skill is used in a shared or logged environment, these secrets could be exposed in the conversation history.
- [PROMPT_INJECTION] (LOW): The skill ingests untrusted user input (App Info and App Name) and interpolates it into CLAUDE.md. This represents an indirect prompt injection surface where a malicious payload in the metadata could influence an agent's behavior when it later reads the project documentation.
  - Ingestion points: User-provided App Info text and manual input fields.
  - Boundary markers: None identified for the generated CLAUDE.md file.
  - Capability inventory: File system write operations for configuration and documentation.
  - Sanitization: None identified; user input is directly mapped to the configuration and documentation fields.
Recommendations
- AI detected serious security threats
Audit Metadata