check-btcpay
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [Data Exposure] (HIGH): The skill performs broad scans of the local repository for sensitive cryptographic material, including private keys (xprv), mnemonics, and seeds (File: SKILL.md, Section 6).
- [Credentials Unsafe] (HIGH): The skill instructs the user to provide a BTCPAY_API_KEY via environment variables, which can be leaked via process listings or logs (File: SKILL.md, Section 1).
- [Indirect Prompt Injection] (MEDIUM): The skill handles untrusted data. Ingestion points: curl responses from external APIs and grep output from local files. Boundary markers: Absent. Capability inventory: curl (network access), grep/find (filesystem read). Sanitization: Absent. An attacker could influence the agent's audit verdict via malicious API responses or code comments. (File: SKILL.md, Sections 1-6).
- [Command Execution] (LOW): Standard use of curl, jq, grep, and find for auditing purposes. While legitimate, these tools provide the primitive for data exfiltration if the agent logic is compromised.
Recommendations
- AI detected serious security threats