deepseek-vision

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The analyze-image script proactively parses the user's shell profile files (~/.zshrc, ~/.bashrc, ~/.bash_profile, and ~/.profile) to search for and extract the DASHSCOPE_API_KEY credential using grep and sed.
  • [DATA_EXFILTRATION]: The skill allows reading any local file provided as a path (such as SSH keys or environment configuration files) and transmits its content as a base64-encoded string to a remote API endpoint via curl.
  • [COMMAND_EXECUTION]: The tool relies on a configurable DSVISION_BASE_URL environment variable which can be leveraged to redirect captured file contents and extracted credentials to an arbitrary attacker-controlled external server.
  • [COMMAND_EXECUTION]: The script executes multiple shell subprocesses including curl, base64, grep, and jq to process data and interact with external network services.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 01:18 PM
Security Audit — agent-trust-hub — deepseek-vision