
multi-model

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill is designed to search for and read .env files to retrieve API keys. Searching upward from the current working directory increases the risk of accessing sensitive credentials outside the intended scope.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses the Bash tool to execute a local Python script (multi_model.py). This script has access to the environment and secrets loaded from .env.
  • [PROMPT_INJECTION] (HIGH): The skill demonstrates an Indirect Prompt Injection surface (Category 8). It ingests untrusted data from model responses and user prompts, feeding them into a script with shell capabilities without documented sanitization or boundary markers.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:51 AM