config-sync
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The synchronization scripts contain a hardcoded plain-text password ('khis9') for the 'sshpass' utility.
- [COMMAND_EXECUTION]: The skill performs shell operations using 'rsync', 'ssh', 'sshpass', 'sed', and 'hostname' to manage and sync configuration files.
- [DATA_EXFILTRATION]: Configuration data, including scripts and agents, is transferred to external hostnames. These transfers bypass SSH host key verification ('-o StrictHostKeyChecking=no'), increasing the risk of data interception via Man-in-the-Middle attacks.
Recommendations
- AI detected serious security threats