provider-config-validator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- COMMAND_EXECUTION (HIGH): The validation scripts `scripts/validate-provider.sh` and `scripts/test-provider-connection.sh` load environment variables with `export $(cat .env | grep -v '^#' | xargs)`. The output of the command substitution is word-split and glob-expanded by the shell, and `xargs` rewrites quoting before that happens, so untrusted `.env` content decides which names and values are exported: a value containing a space is silently truncated at the space, and a line such as `PATH=...`, `LD_PRELOAD=...`, `NODE_OPTIONS=...` or `PYTHONPATH=...` is exported into the environment of the Node and Python processes the same script launches, where it is honoured. The expanded words are not re-parsed as shell commands, so a payload like `KEY='val"; malicious_cmd; #"` does not run `malicious_cmd` at this line (GNU `xargs` rejects the unmatched quote); the route to execution is through the interpreter-controlling variables the pattern lets an attacker inject.
- REMOTE_CODE_EXECUTION (HIGH): `scripts/test-provider-connection.sh` generates Node.js (`.mjs`) and Python (`.py`) files at runtime and executes them. The current templates are static, but writing and then executing files on the fly is a dangerous capability: anything that lets project content influence the template, or the interpreter environment loaded by the previous finding, turns it into arbitrary code execution.
- DATA_EXFILTRATION (MEDIUM): The skill reads live API keys from the environment and makes network requests to AI providers. That is the intended behaviour of a connection test, but combined with the two findings above it means an attacker who controls `.env` or the generated code can send those secrets to a destination of their choosing.
- Indirect Prompt Injection (HIGH): The skill has a large attack surface because it processes untrusted project files with high-privilege tools.
  - Ingestion points: reads `.env`, `package.json` and `requirements.txt` from the project root.
  - Boundary markers: no delimiters or instructions separate untrusted data from shell logic.
  - Capability inventory: full bash execution, file system writes and network access.
  - Sanitization: none is performed on project file content before the shell evaluates it.
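The script below is an added example, not code from the audited skill or from Gen Agent Trust Hub. It runs the flagged `export $(cat .env | grep -v '^#' | xargs)` loader against a constructed `.env` and contrasts it with a line-by-line loader that never lets file content reach shell word splitting or globbing and fails closed on variable names that the interpreters run later would honour. The `.env` contents, the `/tmp/evil-modules` path and the blocklist of names are illustrative assumptions.

```sh
#!/bin/sh
# Added example: the audited .env loader next to a hardened one.
# The .env contents below are constructed for this demo; the blocklist of
# interpreter-controlling names is an assumption, not the skill's own code.
set -u

# Writes a demo .env into a fresh temp dir and prints the dir path.
# "hostile" adds a PYTHONPATH line, which a later python run would honour.
make_env_dir() {
  dir=$(mktemp -d)
  {
    echo '# constructed demo .env'
    echo 'API_KEY=sk-demo-123'
    echo 'GREETING="hello world"'
    if [ "$1" = hostile ]; then echo 'PYTHONPATH=/tmp/evil-modules'; fi
  } > "$dir/.env"
  printf '%s' "$dir"
}

# The audited pattern, run in a subshell so it cannot poison this process.
# Reports "GREETING|PYTHONPATH" as the shell sees them afterwards.
unsafe_load_report() {
  (
    cd "$1" && unset GREETING PYTHONPATH
    # shellcheck disable=SC2046  # the unquoted expansion IS the bug being shown
    export $(cat .env | grep -v '^#' | xargs) 2>/dev/null
    printf '%s|%s' "${GREETING-}" "${PYTHONPATH-}"
  )
}

# Hardened loader: one KEY=VALUE line at a time, no word splitting, no
# globbing, no quote rewriting by xargs. Fails closed on anything that is not
# a plain assignment or that names a variable the interpreters would honour.
load_env_safe() {
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac
    case $line in
      *=*) ;;
      *) echo "reject: not an assignment: $line" >&2; return 1 ;;
    esac
    key=${line%%=*}
    value=${line#*=}
    case $key in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "reject: invalid variable name: $key" >&2; return 1 ;;
      PATH|IFS|ENV|BASH_ENV|LD_PRELOAD|LD_LIBRARY_PATH|NODE_OPTIONS|PYTHONPATH|PYTHONSTARTUP)
        echo "reject: interpreter-controlling variable: $key" >&2; return 1 ;;
    esac
    # Strip one pair of surrounding quotes (common dotenv style); no escapes.
    case $value in
      \"*\") value=${value#\"}; value=${value%\"} ;;
      \'*\') value=${value#\'}; value=${value%\'} ;;
    esac
    export "$key=$value"
  done < "$1"
}

# Same report as above, but through the hardened loader; "rejected" if it refused the file.
safe_load_report() {
  (
    cd "$1" && unset GREETING PYTHONPATH
    if load_env_safe .env 2>/dev/null; then
      printf '%s|%s' "${GREETING-}" "${PYTHONPATH-}"
    else
      printf 'rejected'
    fi
  )
}

# Demo when run directly.
hostile=$(make_env_dir hostile)
clean=$(make_env_dir clean)
printf 'audited loader, hostile .env:  %s\n' "$(unsafe_load_report "$hostile")"
printf 'hardened loader, hostile .env: %s\n' "$(safe_load_report "$hostile")"
printf 'hardened loader, clean .env:   %s\n' "$(safe_load_report "$clean")"
rm -rf "$hostile" "$clean"
```

With the hostile file the audited loader yields `hello|/tmp/evil-modules`: the quoted value is cut at the space and the attacker's `PYTHONPATH` lands in the environment. The hardened loader refuses the whole file rather than skipping the bad line, so a tampered `.env` stops the test instead of silently running with part of it; on the clean file it exports `GREETING` intact as `hello world`.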
Recommendations
- AI detected serious security threats
Audit Metadata