doppler
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The installation instructions in
SKILL.mdusecurl -sLf ... https://get.doppler.com | sh. Piped execution of remote scripts from untrusted domains is a high-risk pattern that allows unverified code to run directly on the user's system. - REMOTE_CODE_EXECUTION (HIGH): The skill allows the agent to run arbitrary commands using
doppler run -- <command>. Because this command injects sensitive workplace secrets into the process environment, it can be exploited to execute malicious payloads with elevated access. - CREDENTIALS_UNSAFE (MEDIUM): The skill is designed to retrieve and handle sensitive secrets. Commands such as
doppler secrets getanddoppler secrets downloadcan expose API keys, database URLs, and other credentials within the agent's context and logs. - COMMAND_EXECUTION (MEDIUM): The skill uses the
Bashtool to perform sensitive operations on the Doppler platform, including project deletion and service token management. Misuse of these tools could lead to significant infrastructure compromise. - PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface.
- Ingestion points: Secret values and notes retrieved from the Doppler API via
doppler secrets get(SKILL.md). - Boundary markers: None; untrusted data from secrets is not delimited or marked to be ignored.
- Capability inventory:
Bashcommand execution,WebFetchnetwork access, andWritefile access. - Sanitization: None; the skill does not provide mechanisms to sanitize or escape data retrieved from secrets.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.doppler.com - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata