MobileApp
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Threat categories: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Data Exposure & Exfiltration (HIGH): The skill provides a 'Full home directory browser' via API endpoints like /api/files/read?path=<path>. This allows unauthorized users on the network or Tailscale mesh to read sensitive files such as SSH keys, cloud provider credentials, and environment variables from the host machine.
- Persistence Mechanisms (HIGH): The skill includes a management script to install the server as a launchd service (./manage.sh service install), ensuring the application and its associated risks persist across system reboots and crashes.
- Command Execution (MEDIUM): The ./manage.sh script performs high-privilege operations including service installation, dependency management, and build processes, which execute arbitrary commands on the host.
- Indirect Prompt Injection (LOW): The skill ingests data from local files and Obsidian vaults, which are untrusted sources. Malicious instructions inside these files could influence the integrated Claude Code chat behavior.
- Ingestion points: Files accessed via /api/files/read and notes via /api/knowledge/note (SKILL.md).
- Boundary markers: None identified in documentation.
- Capability inventory: Arbitrary file read, local network listening, WebSocket communication (SKILL.md).
- Sanitization: None documented.
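The arbitrary-read finding above comes down to one missing check: the endpoint opens whatever path the query string names, so a request for ../.ssh/id_ed25519 is served like any vault note. The Python below is an added example written for this page, not code from the audited skill; the names safe_resolve, read_file_under_root and probe are assumptions, and the directory tree it builds is a constructed stand-in for the host's home directory. It shows the confinement check a hardened /api/files/read would need: resolve the request under one allowed root, then refuse absolute paths, .. traversal, and symlinks inside the root that point outside it. Binding the listener to loopback and requiring authentication are separate fixes the same finding implies and are not shown here.

```python
"""Added example (not the audited skill's code): confining a file-read
endpoint to one allowed root instead of serving any host path.

Assumed names: safe_resolve(), read_file_under_root(), probe(),
build_demo_tree(); none of these come from the audited skill.
"""
import os
import tempfile
from pathlib import Path
from typing import Tuple


class PathEscape(Exception):
    """Requested path resolves outside the allowed root."""


def safe_resolve(root: str, requested: str) -> str:
    """Return the real path of `requested` only if it lies under `root`.

    The naive endpoint the finding describes is `open(path)` on the query
    value. This version rejects:
      * absolute paths (they would replace the root entirely),
      * `..` segments that resolve outside the root,
      * symlinks inside the root that point outside it (realpath is taken
        after joining, so notes/escape -> ~/.ssh is caught),
      * prefix tricks such as /srv/vault vs /srv/vault2, by comparing
        path components with commonpath rather than a string prefix.
    """
    if os.path.isabs(requested):
        raise PathEscape(requested)
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested))
    try:
        common = os.path.commonpath([real_root, candidate])
    except ValueError:  # different drives on Windows
        raise PathEscape(requested)
    if common != real_root:
        raise PathEscape(requested)
    return candidate


def read_file_under_root(root: str, requested: str, limit: int = 1 << 20) -> bytes:
    """Read a regular file under root, capped at `limit` bytes."""
    path = safe_resolve(root, requested)
    if not os.path.isfile(path):
        raise FileNotFoundError(requested)
    with open(path, "rb") as fh:
        return fh.read(limit)


def build_demo_tree() -> Tuple[str, str]:
    """Constructed fixture: a fake home dir holding a vault plus an SSH key.

    Returns (home, vault). Only `vault` is meant to be served.
    """
    base = tempfile.mkdtemp(prefix="vault-demo-")
    home = os.path.join(base, "home")
    vault = os.path.join(home, "vault")
    os.makedirs(os.path.join(vault, "notes"))
    os.makedirs(os.path.join(home, ".ssh"))
    Path(home, ".ssh", "id_ed25519").write_text("FAKE PRIVATE KEY (constructed)\n")
    Path(vault, "notes", "todo.md").write_text("# todo\n")
    # A symlink inside the vault that points outside it.
    os.symlink(os.path.join(home, ".ssh"), os.path.join(vault, "notes", "escape"))
    return home, vault


def probe(root: str, requested: str) -> str:
    """Classify one request the way the hardened endpoint would respond."""
    try:
        read_file_under_root(root, requested)
        return "200"
    except PathEscape:
        return "403"
    except FileNotFoundError:
        return "404"


if __name__ == "__main__":
    home, vault = build_demo_tree()
    for req in ("notes/todo.md", "../.ssh/id_ed25519", "/etc/passwd",
                "notes/escape/id_ed25519", "notes/missing.md"):
        print(f"{req!r:32} -> {probe(vault, req)}")
```

Run as a script it builds the fixture in a temporary directory and prints one status per request; the only 200 is the note that actually lives under the vault. The realpath-then-commonpath order matters: checking for `..` in the raw string would miss the symlink case, and a string prefix check would accept a sibling directory whose name merely starts with the root.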
Recommendations
- AI detected serious security threats
Audit Metadata