refurbish-demos
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes multiple curl commands to interact with vendor-specific infrastructure (psquared.dev) and CRM systems for data retrieval and agent management.
- [COMMAND_EXECUTION]: Provides instructions for running a local Python script (scripts/refurbish-all.py) to handle batch processing of agent updates.
- [CREDENTIALS_UNSAFE]: Accesses sensitive Bearer tokens from environment variables (NUXT_MCP_DEMO_TOKEN, PSQUARED_CRM_TOKEN, EMAIL_DRAFT_ONLY_BEARER) to authenticate requests to internal services and the CRM.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest data from untrusted external URLs to populate agent knowledge bases, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: External web pages identified through domain patterns or WebFetch (found in SKILL.md).
  - Boundary markers: None explicitly specified to prevent the agent from following instructions embedded in the scraped content.
  - Capability inventory: Modifies knowledge buckets, updates agent configuration, and republishes agents via MCP tools (found in SKILL.md).
  - Sanitization: The skill describes removing navigation elements and footers but lacks specific sanitization logic to neutralize malicious instructions within the scraped text.
Audit Metadata