gitea
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection. 1. Ingestion points: The agent reads untrusted data from Gitea issues, PRs, and comments using commands like 'tea issue' and 'tea pr' (SKILL.md). 2. Boundary markers: No delimiters or ignore instructions are present. 3. Capability inventory: The skill allows for destructive actions and sensitive data access via 'tea repos delete', 'tea actions secrets list', and 'tea webhooks create' (SKILL.md). 4. Sanitization: No input filtering or validation is described. An attacker could embed commands in an issue that trick the agent into deleting repositories or exposing secrets.
- DATA_EXFILTRATION (HIGH): The skill facilitates access to sensitive CI/CD information through the 'tea actions secrets list' command, posing a direct risk of credential exposure.
- COMMAND_EXECUTION (MEDIUM): The skill allows the agent to execute powerful commands on a Gitea instance that can modify its state or configuration without sufficient safeguards.
Recommendations
- AI detected serious security threats
Audit Metadata