publisher (skills/tolitius/salvador/publisher)

Verdict: Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Flags: DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The skill's primary function is to transfer local files to remote destinations (SSH, S3). This capability can be weaponized to exfiltrate sensitive local data, such as SSH keys or environment files, if an attacker can influence the local_path argument.
  • Indirect Prompt Injection (HIGH): [Ingestion points]: Reads local files via local_path. [Boundary markers]: None present. [Capability inventory]: Network file transfer and subprocess execution via python3. [Sanitization]: None mentioned. This creates a surface where malicious content within a file being 'published' could trigger unintended agent behavior.
  • Command Execution (MEDIUM): The skill executes a local script (scripts/publish.py) using python3. While the script is part of the skill, it runs with the agent's host permissions and its full contents are not available for verification.
  • Credentials Unsafe (MEDIUM): The requirement for resources/config.json indicates that authentication secrets for remote providers are stored on disk. This presents a risk of credential exposure if other tools or agents are directed to read this configuration file.
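The two HIGH/MEDIUM findings above (Data Exposure via local_path, and a credentials file sitting on disk) both come down to checks the skill could perform before it ever opens a socket. The block below is an added example written for this audit page; it is not the skill's own scripts/publish.py, whose contents the audit could not inspect, and every name in it (resolve_publish_path, SECRET_BASENAMES, run_demo, the sample directory tree) is an illustrative assumption. It shows an allowlist-root guard that canonicalises local_path (so `..` segments, absolute paths and planted symlinks are all judged by their real target), a second-layer denylist for obvious secret material, and a permission check for the config file that should hold the SSH/S3 credentials.

```python
"""Added example for this audit page: a local_path guard for a file-publishing
skill. Not the skill's own scripts/publish.py; names are illustrative."""
from __future__ import annotations

import stat
import tempfile
from pathlib import Path

# Illustrative denylist (assumed, not exhaustive). The allowlisted publish
# root is the real control; this catches secret files placed inside it.
SECRET_BASENAMES = {".env", "id_rsa", "id_ed25519", "id_ecdsa"}
SECRET_PARENTS = {".ssh", ".aws", ".gnupg"}


class PublishPathError(ValueError):
    """local_path refused: outside the publish root or looks like a secret."""


def resolve_publish_path(local_path: str, publish_root: Path) -> Path:
    """Canonicalise local_path and confirm it is a regular file under publish_root.

    resolve(strict=True) follows symlinks and raises FileNotFoundError for
    missing paths, so a symlink planted inside the root that points at
    ~/.ssh/id_rsa is compared by its real target, not by its name.
    """
    root = publish_root.resolve(strict=True)
    raw = Path(local_path)
    candidate = (raw if raw.is_absolute() else root / raw).resolve(strict=True)
    if candidate != root and root not in candidate.parents:
        raise PublishPathError("outside publish root")
    if candidate.name in SECRET_BASENAMES or SECRET_PARENTS & set(candidate.parts):
        raise PublishPathError("looks like secret material")
    if not candidate.is_file():
        raise PublishPathError("not a regular file")
    return candidate


def classify(local_path: str, publish_root: Path) -> str:
    """Return 'ok' or the refusal reason; used by the demo below."""
    try:
        resolve_publish_path(local_path, publish_root)
        return "ok"
    except PublishPathError as exc:
        return str(exc)
    except FileNotFoundError:
        return "missing"


def config_is_private(config_path: Path) -> bool:
    """True if the credentials file carries no group/other permission bits."""
    mode = stat.S_IMODE(config_path.stat().st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def run_demo() -> dict[str, object]:
    """Build a throwaway tree (constructed sample data) and exercise both checks."""
    tmp = Path(tempfile.mkdtemp())
    root = tmp / "site"
    root.mkdir()
    (root / "index.html").write_text("<h1>hello</h1>\n")
    (root / ".env").write_text("API_TOKEN=not-a-real-token\n")
    ssh_dir = tmp / "home" / ".ssh"
    ssh_dir.mkdir(parents=True)
    (ssh_dir / "id_rsa").write_text("-----BEGIN OPENSSH PRIVATE KEY----- (fake)\n")
    (root / "notes.txt").symlink_to(ssh_dir / "id_rsa")  # planted symlink
    config = tmp / "config.json"
    config.write_text('{"s3": {"secret": "fake"}}\n')
    config.chmod(0o644)
    shared = config_is_private(config)
    config.chmod(0o600)
    owner_only = config_is_private(config)
    return {
        "plain file": classify("index.html", root),
        "dot-dot traversal": classify("../home/.ssh/id_rsa", root),
        "absolute path": classify(str(ssh_dir / "id_rsa"), root),
        "planted symlink": classify("notes.txt", root),
        "env file in root": classify(".env", root),
        "nonexistent": classify("missing.txt", root),
        "config 0644 private": shared,
        "config 0600 private": owner_only,
    }


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:20s} -> {outcome}")
```

The order of checks matters: the root containment test runs on the resolved path before the name-based denylist, so a traversal or symlink is rejected as "outside publish root" even when its target name is innocuous. The denylist only exists for secrets that legitimately live inside the publish tree; it should never be the sole control.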
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 08:02 AM