beopsuny

Fail

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to send the user's private 'OC code' (an API key for the Korean government legal database) to a third-party proxy service hosted on Fly.io (korean-law-mcp.fly.dev). This exposes sensitive user credentials to an unverified intermediary.
  • [COMMAND_EXECUTION]: The skill relies on complex shell operations for data management, including automated rm -rf and git clone commands triggered when updates fail. These operations are performed on directories within the user's home folder (~/.beopsuny/data).
  • [COMMAND_EXECUTION]: Shell commands such as cat, ls, and git log are constructed using variable interpolation from external API search results (e.g., law names and 사건번호, the case number). This represents a command injection risk if the external API returns malicious or specially crafted strings.
  • [EXTERNAL_DOWNLOADS]: The skill clones large datasets from third-party GitHub repositories (legalize-kr/legalize-kr and legalize-kr/precedent-kr) and fetches live data from an external API (api.beopmang.org). These sources are not part of any verified organization or whitelisted domain.
  • [PROMPT_INJECTION]: As a legal assistant, the skill processes untrusted data from external APIs and user-supplied contracts. The instructions lack explicit sanitization or boundary markers (like XML tags or 'ignore' instructions) when interpolating this external content into prompts or shell paths, creating a surface for indirect prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 12, 2026, 01:13 PM