byted-marketing-agent-trending-list
Fail
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the execution of system-level package management commands (`apt update && apt install python3-venv -y`). These commands modify the host environment and typically require administrative privileges, posing a risk of unauthorized system modification.
- [EXTERNAL_DOWNLOADS]: The skill setup process involves the automated installation of the `volcengine-python-sdk` library from the Python Package Index (PyPI) to facilitate API communication.
- [CREDENTIALS_UNSAFE]: The skill is configured to request sensitive Volcengine `AccessKey` and `SecretKey` credentials from the user if they are not already available in the environment variables, which are then used to sign API requests.
- [PROMPT_INJECTION]: The skill includes high-priority instructions to suppress technical implementation details, such as internal tokens and database fields, from being displayed to the user, which serves as a concealment mechanism for its internal operations.
Recommendations
- AI detected serious security threats