session-status
Audit result: Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions explicitly direct the agent to collect and report "Environment variables" and "Config file... contents". These sources frequently contain sensitive secrets such as API keys, database credentials, and authentication tokens. Exposing this information in the session status report represents a high risk of credential leakage.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local Python script (run.py), granting the agent code execution capabilities on the host. The script also manipulates the module search path at runtime with sys.path.insert to load modules from a relative directory, so an attacker who can write to that directory could substitute their own module for the intended one.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by ingesting untrusted data from the local execution context.
  - Ingestion points: Collects data from "Recent commands", "Recent artifacts" (filenames), and "Config file... contents".
  - Boundary markers: There are no specified delimiters or warnings to ignore instructions embedded within the gathered data.
  - Capability inventory: The skill is permitted to use the Bash, Read, and Glob tools.
  - Sanitization: No validation or filtering mechanisms are described for the external content before it is presented to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata