Skills
skills/skillrecordings/support/ops-setup/Gen Agent Trust Hub

ops-setup

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly requests and processes live production credentials, including Stripe Secret Keys (sk_live_xxx), Front API tokens, and Slack tokens. It directs the user to paste these secrets into the conversation for validation and storage in local environment files.
  • [COMMAND_EXECUTION]: Utilizes Bash to read sensitive local files such as apps/web/.env.local, apps/slack/.env.local, and apps/front/.env.local using commands like cat and grep. It also executes local TypeScript scripts using the Bun runtime to perform validations.
  • [DATA_EXFILTRATION]: Transmits user-provided credentials to external endpoints (api.stripe.com, slack.com, api2.frontapp.com) for validation. While these are official service APIs, the automated transmission of production secrets in a chat-driven workflow increases the risk of interception or logging of sensitive data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 10:33 PM