kargo-cli
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill includes hardcoded plaintext credentials ('admin / admin') in both the environment setup and troubleshooting sections, granting administrative access to the Kargo server.
- [COMMAND_EXECUTION] (MEDIUM): Multiple login command examples include the '--insecure-skip-tls-verify' flag, which instructs the agent to ignore SSL/TLS certificate validation, leaving communication vulnerable to Man-in-the-Middle (MitM) attacks.
- [DATA_EXFILTRATION] (LOW): The skill exposes internal network architecture details, including an internal IP address (192.168.10.117) and specific service ports, which could be used for reconnaissance within a private network.
Recommendations
- AI detected serious security threats
Audit Metadata