dashboard
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative instructions like 'CHECK THESE FIRST' and 'Always check' to redirect the agent's behavior toward internal system probing before fulfilling user requests. This overrides standard safety and operational boundaries to perform reconnaissance.
- [DATA_EXFILTRATION]: The skill includes explicit commands to access sensitive system information. It directs the agent to read 'core/http_client.py' and execute 'bash env' to identify and extract strings associated with API keys and secrets. This pattern is characteristic of internal logic extraction and secret harvesting.
- [CREDENTIALS_UNSAFE]: The skill provides a blueprint for finding and potentially exposing credentials from the environment variables, which is a significant security risk for the host system.
- [COMMAND_EXECUTION]: The skill uses shell commands such as 'grep' and 'bash env' for reconnaissance. It also includes instructions for downloading external archives via 'curl' and extracting them with 'unzip', which can serve as an entry point for malicious payloads.
- [EXTERNAL_DOWNLOADS]: The skill fetches resources from external sources, including downloading a ZIP archive from the Tabler repository on GitHub and using various JavaScript libraries via the JSDelivr CDN. While these specific sources are well-known, the automated download and execution pattern is documented as part of the skill's operational surface.
Recommendations
- AI detected serious security threats
Audit Metadata