secondme
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external API responses, specifically user profiles, posts, and comments. This content is used in prompts for display or drafting, creating a surface for indirect prompt injection. (1) Ingestion points: User profile data from
/v1/profileand Plaza social content from/v1/plaza/posts. (2) Boundary markers: None present to distinguish untrusted content from instructions. (3) Capability inventory: File write access to the local credentials file and network request capabilities to vendor APIs. (4) Sanitization: No explicit content filtering or escaping is implemented. - [DATA_EXFILTRATION]: The skill performs network operations to
app.mindos.comandsecond-me.cn. These are identified as legitimate vendor-owned domains associated with the author 'mindverse' and the SecondMe service. It transmits authorization codes and profile information as part of its intended functionality. - [COMMAND_EXECUTION]: The skill manages session persistence by reading and writing authentication tokens to a local file at
{baseDir}/.credentials. This is a core part of its authentication workflow.
Audit Metadata