configuring
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill is explicitly designed to scrape secrets from high-value targets such as ~/.bashrc, ~/.claude/settings.json, and ~/.codex/config.toml. This behavior provides a centralized mechanism for harvesting credentials from multiple distinct AI environments.
- [DATA_EXFILTRATION] (MEDIUM): The skill's architecture pairs sensitive data discovery with network-enabled examples (e.g., examples/turso_refactored.py using the requests library). This establishes a pattern where sensitive credentials can be transmitted to external endpoints without proper domain whitelisting or destination validation.
Recommendations
- AI detected serious security threats
Audit Metadata