Skills
skills/aradotso/devtools-skills/sigcli-auth-proxy/Gen Agent Trust Hub

sigcli-auth-proxy

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The sig run command enables the execution of arbitrary shell commands, which are automatically provided with sensitive environment variables and credentials based on configured rules.
  • [DYNAMIC_EXECUTION]: The configuration supports a validateRule feature, which executes JavaScript expressions to validate authentication status based on response bodies and headers from external websites.
  • [CREDENTIALS_UNSAFE]: The skill extracts, stores, and manages highly sensitive data including session cookies, OAuth tokens, and localStorage values in the ~/.sig/credentials/ directory. It also includes a command sig get --no-redaction that displays raw secrets in the terminal.
  • [EXTERNAL_DOWNLOADS]: The installation process requires downloading and globally installing the @sigcli/cli package from the NPM registry.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing data from untrusted external sources (APIs) and using it within the validateRule logic to determine authentication success.
  • [DATA_EXFILTRATION]: The sig proxy feature implements a Man-in-the-Middle (MITM) proxy that intercepts network traffic to inject credentials, which creates a capability to monitor or redirect sensitive data if the proxy is misconfigured or compromised.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 11:52 PM