owasp-top-10
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The file 'references/cryptographic-failures.md' contains a hardcoded API key following a live secret pattern.
- Evidence:
const API_KEY = 'sk_live_a3f7c9b2d8e1f4g6h9';is used in a section labeled as 'VULNERABLE'. - [DATA_EXFILTRATION]: Multiple reference files include sensitive file paths and internal network identifiers used as attack targets in examples.
- Evidence: 'references/broken-access-control.md' references
/etc/passwdto illustrate directory traversal. - Evidence: 'references/ssrf.md' references the cloud metadata IP
169.254.169.254as a target for SSRF attacks. - [COMMAND_EXECUTION]: Educational snippets demonstrate unsafe command execution and dynamic evaluation patterns.
- Evidence: 'references/injection.md' shows unsafe use of
child_process.execwith unsanitized user input. - Evidence: 'references/integrity-failures.md' demonstrates the danger of
eval()on untrusted cookie data.
Audit Metadata