agenta
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:

- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] (reported 3 times)
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] (reported 14 times)

This skill is coherent with its stated purpose and contains no obvious malicious code or hidden exfiltration mechanisms. The primary security concerns are accidental/misconfiguration issues: insecure example credentials in the generated docker-compose, potential accidental leakage of sensitive data to external LLM providers (OPENAI/ANTHROPIC) when prompts contain secrets, and the presence of 'Bash' in the declared tools, which raises operational risk if an agent runtime grants shell access.

These are operational security issues rather than indicators of intentional malicious behavior. Recommend: do not use example credentials in production, warn users about sending sensitive data to external providers, and limit granting shell execution privileges to the minimum necessary.

LLM verification: Based on the provided SKILL.md fragment, this Agenta skill appears to implement expected features for prompt management and LLM orchestration. I found no direct evidence of malware or obfuscated code in the snippet. However, there are supply-chain and data-flow risks: unpinned pip installs, many references flagged for .config (suggesting possible access to local config files), and unclear behavioral guarantees about where prompts and provider API keys are sent/stored. The most important user saf