Skills
skills/thinkfleetai/thinkfleet-engine/plaid/Gen Agent Trust Hub

plaid

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the plaid-cli tool from a personal GitHub repository (github.com/jverdi/plaid-cli@0.0.2) using the Go package manager. The source is an individual developer rather than a trusted organization or well-known service.
  • [CREDENTIALS_UNSAFE]: Orchestrates the use of highly sensitive financial credentials, including PLAID_CLIENT_ID and PLAID_SECRET. It also references a local configuration file (~/.plaid-cli/config.toml) and a data directory (~/.plaid-cli) that store access tokens.
  • [COMMAND_EXECUTION]: Employs shell commands to link accounts, query balances, and process transaction data. It specifically utilizes jq for parsing JSON output and shell redirection for state management in /tmp files.
  • [DATA_EXFILTRATION]: While no malicious exfiltration to a remote server is explicitly defined, the skill is designed to retrieve and store sensitive financial transactions and account balances locally, which increases the attack surface for data exposure.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 05:15 AM