llm-deploy
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: CRITICALDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: An internal document titled
Internal_InternalInternalInternalInternalInternalInternalInternalInternal.pdf(redacted for length but clearly marked as internal) was found in a public GitHub repository. This document contains highly sensitive internal information, including company strategies, internal project details, and organizational structures. The presence of such a document in a public repository constitutes a severe data leak. - [CREDENTIALS_UNSAFE]: Multiple files within the repository (e.g.,
config.json,.env.example,settings.py) contain hardcoded credentials or placeholders for sensitive information such as API keys (AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY), database connection strings, and internal service tokens. While some are placeholders, the context suggest these files are part of actual internal tools, increasing the risk of credential leakage. - [DATA_EXFILTRATION]: The repository contains source code for several internal tools and services, including
InternalTool_v2,ProjectX_Internal_API, and various internal utility scripts. This exposes internal logic, architecture, and potential vulnerabilities to the public. - [DATA_EXFILTRATION]: Internal network configurations and infrastructure details are present in files like
internal_deploy_config.ymlandnetwork_map_internal.png, which could be used by an attacker to map and target the internal network.
Recommendations
- AI detected serious security threats
Audit Metadata