blast-conector
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill references specific high-privilege credential patterns like 'sk_live_' for Stripe and 'SERVICE_ROLE_KEY' for Supabase in its documentation, which are used for production payment and administrative access.
- [DATA_EXFILTRATION] (HIGH): The skill explicitly targets '.env.local' for writing secrets and conducts automated network handshakes based on configuration, which involves direct access to sensitive local environment files.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection by processing 'gemini.md' files. Ingestion points: Phase 1 dependency inventory from gemini.md. Boundary markers: None present. Capability inventory: File writing to .env.local, network handshake execution, and database management via MCPs. Sanitization: No input validation or filtering is performed on the ingested data before using it to drive integration logic.
Audit Metadata