panda-publish
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill stores the Nosy Pandas API key in plaintext within the `~/.pandas` file. While it attempts to restrict access using `chmod 600`, storing secrets in plaintext on disk is a known security risk.
- [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating variables directly from user input or configuration (e.g., POST_CONTENT, API_KEY). This creates a surface for command injection if the AI agent does not properly escape shell metacharacters when generating the commands.
- [DATA_EXFILTRATION]: The skill reads sensitive credentials from a local file and transmits them, along with user-provided media and content, to an external API (nosypandas.com). This is the intended function of the skill but involves the automated transfer of sensitive authentication data.
- [PROMPT_INJECTION]: The instruction to automatically detect and offer to save API keys from the chat stream could be exploited via indirect prompt injection if the agent processes untrusted documents containing strings that resemble keys.
- Ingestion points: User input for post content and API keys, and responses from the Nosy Pandas API (SKILL.md).
- Boundary markers: No specific boundary markers or delimiters are used to isolate untrusted content in the generated shell commands.
- Capability inventory: The skill utilizes `curl` for network requests and several filesystem utilities including `cat`, `grep`, `find`, and `mv` (SKILL.md).
- Sanitization: There is no evidence of sanitization or validation of external content before it is used in shell commands or written to disk.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to `nosypandas.com` to fetch account information and publish posts. This is a core component of its intended functionality.
Audit Metadata