trigger-credential-access
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill explicitly accesses the 'OPENAI_API_KEY' environment variable. Evidence:
index.jsline 2:const key = process.env.OPENAI_API_KEY;. - DATA_EXFILTRATION (HIGH): The retrieved secret is printed to the console. Evidence:
index.jsline 3:console.log(key);. This action exposes the sensitive key to the agent and any system logging the agent's stdout, creating a high risk of credential theft.
Recommendations
- AI detected serious security threats
Audit Metadata