project-manager
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs persistent modifications to system configuration files. During the setup phase, it executes shell commands to detect and append environment variable exports to ~/.zshrc or ~/.bashrc. This establishes a persistence mechanism that affects the user's environment across future shell sessions.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive API keys by facilitating their storage in plain text. The setup flow explicitly suggests writing the KARMA_API_KEY into shell initialization files, which exposes the credentials to any process or user with read access to those files.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the ingestion of external protocol data.
  - Ingestion points: Data retrieved from the Karma API (gapapi.karmahq.xyz), including project descriptions, grant details, and milestone updates.
  - Boundary markers: Absent; there are no specific markers or instructions to treat external data as untrusted.
  - Capability inventory: The skill has the ability to execute network requests via curl and modify local system configuration files.
  - Sanitization: Absent; content from the API is used without visible validation or sanitization.