adaptive-suite
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- Dynamic Execution & RCE (HIGH): The instruction to 'Compile a localized desktop app' constitutes a significant security risk. By generating and compiling code at runtime, the skill can execute arbitrary logic on the host system that bypasses static analysis.
- Data Exposure & Exfiltration (HIGH): The 'NAS Metadata Scraper' is designed to map internal network storage structures, collecting file names and directory metadata. While the skill claims 'read-only' status, the presence of the 'curl' binary in the requirements provides a direct mechanism to exfiltrate this sensitive internal information to external servers.
- Indirect Prompt Injection (HIGH): The skill is designed to ingest data from diverse untrusted sources, including NAS metadata and 'free online tools' discovered at runtime. Given the skill's high-privilege capabilities (compilation, command execution, and network access), it is highly vulnerable to malicious instructions embedded in these external resources.
- Credential Access (MEDIUM): The requirement for 'FREE_API_KEYS' in the environment variables indicates that the skill expects to handle user credentials, which could be exposed if the skill is compromised via injection or the generated desktop application.
Recommendations
- AI detected serious security threats
Audit Metadata