shareone

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages authentication credentials by reading from and writing to a local file at ~/.shareone_credentials and accessing sensitive environment variables such as SUDOWORK_AUTH_PROXY_TOKEN.
  • [DATA_EXFILTRATION]: The script scripts/check_api_key.js outputs the discovered API key directly to the standard output (KEY_FOUND:<api_key>), which exposes the secret to the agent's context and potential logs.
  • [PROMPT_INJECTION]: The skill includes a skill-report.json file containing a pre-existing security audit that claims the skill is safe. This acts as a self-authoritative safety claim designed to influence evaluation and bypass security analysis.
  • [DATA_EXFILTRATION]: Several scripts, including scripts/update_share_settings.js, allow the API base URL to be overridden via a command-line argument (--base-url). If influenced by a malicious prompt, this could be used to redirect authenticated requests and credentials to an attacker-controlled server.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the external ShareOne platform (comments and file downloads) and instructs the agent to process it, creating an indirect prompt injection surface.
      • Ingestion points: scripts/download_share.js (file content) and scripts/shareone_api_request.js (comment retrieval).
      • Boundary markers: Absent.
      • Capability inventory: The skill can write files and perform authenticated network operations.
      • Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 07:25 AM