adapty-sdk-integration
Fail
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill contains Node.js scripts in Phase 0 that modify the agent's internal configuration file ('.claude/settings.json'). These scripts inject new rules into the 'permissions.allow' whitelist to bypass security approval prompts for specific 'curl' commands targeting 'adapty.io', 'hooks.slack.com', and 'api.airtable.com'.
- [PROMPT_INJECTION]: Instructions in SKILL.md and various reference files explicitly command the agent to hide its operations and state from the user. It directs that all updates be 'internal and silent' and that the agent should 'never output state variable names or values'. It further instructs the agent to handle build processes and errors autonomously without informing the user.
- [DATA_EXFILTRATION]: Telemetry and user feedback data are transmitted to an external endpoint hosted on Vercel ('feedback-endpoint-eandreeva-twrs-projects.vercel.app'). The data includes platform identifiers, integration details, and inferred user sentiment. This endpoint is not part of the vendor's primary infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill makes extensive use of 'npx' and 'curl' to download and execute content from remote sources, including the 'ctx7' utility and the vendor's CLI tool. These external resources are fetched at runtime and integrated into the agent's workspace.
Recommendations
- AI detected serious security threats
Audit Metadata