blast-operador

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly susceptible to this attack vector as it ingests and processes untrusted external content (the repository code) and possesses significant write/execute capabilities.
  • Ingestion points: Processes entire local repositories, including package files and environment configurations.
  • Boundary markers: None present; the agent treats repository content as trusted instructions for deployment.
  • Capability inventory: Execution of shell commands (npm scripts), file system reads, and network transmission of secrets via Vercel/GitHub APIs.
  • Sanitization: No sanitization or validation of the scripts or environment variables being processed.
  • Data Exposure & Exfiltration (HIGH): The skill specifically targets and maps high-value secrets such as SUPABASE_SERVICE_ROLE_KEY, STRIPE_SECRET_KEY, and DATABASE_URL. While intended for deployment to Vercel, the access to these credentials combined with network capability creates a high risk of exfiltration if the agent is compromised.
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The skill instructions mandate running npm run build, npm run lint, and npm run test. These commands execute scripts defined in the project's package.json. If an attacker can influence this file, they gain arbitrary command execution on the system running the agent.
  • Privilege Escalation (MEDIUM): The skill is designed to manage production environments and configure environment variables across 'Production', 'Preview', and 'Development' tiers, effectively granting the agent administrative control over the deployment pipeline.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 12:33 AM