collavre
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE CREDENTIALS_UNSAFE PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill stores authentication tokens in plain text within a local configuration file at `~/.config/collavre/config.json`. This presents a risk of credential exposure if the local environment is compromised, although it is a standard practice for CLI tools.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion commands. Specifically, the `import` and `batch` commands read content from files or standard input and pass it directly to the MCP tools without sufficient isolation.
  - Ingestion points: `scripts/collavre` (via the `import` and `batch` commands).
  - Boundary markers: The script does not use any delimiters or boundary instructions when sending user-provided content to the `creative_import_service` or `creative_batch_service`.
  - Capability inventory: The script performs file system reads and writes and initiates network requests via the `https` and `http` modules.
  - Sanitization: No validation or sanitization of the input Markdown or JSON data is performed before it is transmitted to the remote service.
Audit Metadata