ai-chatbot
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to clone a repository from an untrusted account (Eng0AI/ai-chatbot-template). This source is not part of the pre-approved trusted organizations or repositories list.
- REMOTE_CODE_EXECUTION (HIGH): After cloning the untrusted repository, the skill executes pnpm install and pnpm db:migrate. These commands trigger lifecycle hooks and scripts defined within the untrusted repository, allowing arbitrary code execution on the host system.
- COMMAND_EXECUTION (MEDIUM): The instructions include complex shell operations such as moving files, deleting directories, and a shell loop that reads sensitive .env files to push them to Vercel's environment settings. This increases the attack surface for command injection if filenames or values are manipulated.
- CREDENTIALS_UNSAFE (MEDIUM): The skill mandates the use of sensitive secrets including POSTGRES_URL, OPENAI_API_KEY, and ANTHROPIC_API_KEY. The deployment scripts handle these secrets in plaintext via shell variables, which may be logged or exposed in process trees.
Recommendations
- AI detected serious security threats
Audit Metadata