setup
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill captures and stores sensitive credentials in plain text, including 'MAILPOOL_API_KEY', 'ANTHROPIC_API_KEY', and 'GTM_ENGINE_API_KEY'. These are written to persistent storage in the user's shell environment.
- [COMMAND_EXECUTION]: The skill modifies critical system configuration files such as '~/.zshrc', '~/.bashrc', and '~/.profile' to establish persistence for environment variables across sessions.
- [EXTERNAL_DOWNLOADS]: Instructions guide the agent to perform global software installations, specifically '@railway/cli', using 'npm install -g'. It also triggers remote template deployments via 'railway init'.
- [DATA_EXFILTRATION]: Transmits user-provided email addresses to an external endpoint ('https://signals.gtm-engine.sh/mcp') as part of an automated registration and API key retrieval flow.
- [COMMAND_EXECUTION]: Employs 'curl' to interact with remote APIs and 'jq' to process responses, alongside the execution of the Railway CLI for infrastructure management.
Recommendations
- AI detected serious security threats
Audit Metadata