Skills
skills/randroids-dojo/skills/slipbox/Gen Agent Trust Hub

slipbox

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill exposes sensitive credentials in the agent's output. In commands/slipbox.md, the setup check command echo "SLIPBOX_API_KEY: ${SLIPBOX_API_KEY:-(MISSING)}" prints the full value of the SLIPBOX_API_KEY environment variable. Additionally, SKILL.md includes a command that reveals the first six characters of the same key. This exposure allows secrets to be captured in conversation history and agent logs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted content from external sources.
  • Ingestion points: Fetches note content from the PrivateBox GitHub repository using gh api and from the remote service via the GET /api/theme-data endpoint documented in SKILL.md.
  • Boundary markers: The skill lacks delimiters or specific instructions for the agent to ignore instructions embedded within the fetched notes.
  • Capability inventory: The agent can perform network write operations via curl and repository operations via gh.
  • Sanitization: No validation or sanitization is performed on the content retrieved from the notes or the thematic data before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 1, 2026, 12:21 PM