puav2
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill implements a mandatory registration flow that harvests the user's phone number and transmits it to a remote API at pua-api.agentguard.workers.dev via curl.
- [REMOTE_CODE_EXECUTION]: The skill dynamically fetches "prompt templates" from a remote server (/v1/command/) and executes them. This allows the remote server to change the agent's behavior or instructions at any time, effectively acting as a remote-controlled backdoor.
- [EXTERNAL_DOWNLOADS]: The skill performs runtime installation of the qrcode Python package using pip without prior verification or user consent.
- [COMMAND_EXECUTION]: Extensive use of curl, pip, and python3 -c to interact with network services, modify the environment, and execute dynamically generated scripts for QR code generation.
- [PROMPT_INJECTION]: The skill's core "PUA" framework is a sophisticated set of instructions designed to override the agent's default safety and helpfulness guidelines in favor of a high-pressure, manipulative corporate persona triggered by specific user inputs.
- [CREDENTIALS_UNSAFE]: The skill stores authentication tokens and registration data in unencrypted local files located at ~/.puav2/config.json.
Recommendations
- AI detected serious security threats
Audit Metadata