zenbin
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Categories: DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (CRITICAL): The skill provides instructions for sending data to an external service (zenbin.onrender.com), which is not a trusted source. This allows for active exfiltration of agent context or user data.
- [CREDENTIALS_UNSAFE] (CRITICAL): The proxy API (/api/proxy) explicitly requests bearer tokens and api-keys to be sent to the external service, functioning as a credential harvesting mechanism where the service acts as a Man-in-the-Middle.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The instructions encourage the agent to include external scripts from third-party CDNs in hosted pages, which can be used to execute malicious code in the context of the rendered page once viewed by a user.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection.
  1. Ingestion points: The skill is designed to publish HTML content which the agent likely derives from untrusted external websites or user inputs.
  2. Boundary markers: No delimiters or 'ignore embedded instruction' warnings are present to prevent the agent from obeying instructions embedded in the content being processed for publishing.
  3. Capability inventory: The skill possesses network-write capabilities (POST) and can make authenticated proxy calls.
  4. Sanitization: There is no evidence of validation, escaping, or filtering of the HTML content before it is transmitted.
Recommendations
- AI detected serious security threats