two-factor-auth-issue
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes a hardcoded device confirmation link (
app.kit.com/users/confirm-device/...) within the response templates inSKILL.md. This link functions as a session token, and its inclusion in an AI agent's template could lead to session hijacking or unauthorized account access if used in responses to other users. - [DATA_EXFILTRATION]: The files
SKILL.mdandreferences/real-responses.mdcontain verbatim support transcripts from external services (Google Workspace, Kit). These logs include personally identifiable information (PII) such as employee names (e.g., Hanisha, Hemangini), customer names, and specific geographical locations (Boise, Idaho). - [DATA_EXFILTRATION]: The skill exposes internal support identifiers, such as Salesforce-style case reference IDs (e.g.,
ref:_00Df423Flu._5004M12aIVs:ref), which reveals internal administrative metadata and communication history.
Audit Metadata