bootstrap
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill retrieves a GitHub authentication token using `gh auth token` and embeds it directly into a Git URL for cloning operations (https://${GH_TOKEN}@github.com/...). This practice can leak sensitive credentials via process lists, shell history, or local Git logs.
- [COMMAND_EXECUTION]: The skill executes bash scripts that interpolate user-provided arguments, such as repository URLs and branch names, directly into commands without sanitization. This creates a significant risk of command injection if a user provides malicious input.
- [REMOTE_CODE_EXECUTION]: The skill generates a standalone shell script and explicitly instructs the user to execute it outside the agent's monitored environment. This moves execution logic to a script that is not subject to the agent's safety constraints.
- [EXTERNAL_DOWNLOADS]: The skill performs Git clone operations from GitHub repositories based on user input or detected remotes.
- [DATA_EXFILTRATION]: The skill interacts with the user's SSH configuration by attempting to clear SSH control sockets (`~/.ssh/control-*`) and reads GitHub authentication tokens.
Recommendations
- AI detected serious security threats