dashboard
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains instructions for the agent to perform environment reconnaissance to find secrets.
- Evidence: The command
bash env | grep -i "api_key\|_key"inSKILL.mdis explicitly provided to help the agent discover configured authentication keys. - [COMMAND_EXECUTION]: The skill directs the agent to read internal source code files to discover system-level proxy configurations and undocumented endpoints.
- Evidence: The instruction to run
read_file core/http_client.py | grep -A 15 "DEFAULT_PROXIED_APIS"inSKILL.mddemonstrates unauthorized access to internal system components. - [EXTERNAL_DOWNLOADS]: The skill downloads external code archives and references several third-party libraries via CDNs.
- Evidence:
curl -L https://github.com/tabler/tabler/archive/refs/heads/main.zip -o tabler.zipinSKILL.mddownloads external software, and the HTML templates include script tags targetingcdn.jsdelivr.netandd3js.org. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting data from numerous external financial and environmental APIs without security boundaries.
- Ingestion points: Multiple external APIs including CoinGecko, Twelve Data, and Open-Meteo are fetched in
SKILL.md. - Boundary markers: Absent from the integration logic.
- Capability inventory: The skill utilizes
bashandread_filecapabilities across its instructions. - Sanitization: No sanitization or validation of external API responses is present before processing or displaying data.
Recommendations
- AI detected serious security threats
Audit Metadata