ops-settings

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the ! command syntax) in SKILL.md to automatically execute a shell command that reads the preferences.json file upon loading. This injects raw secrets and API keys directly into the agent's context.
  • [CREDENTIALS_UNSAFE]: The skill is designed to target and read a sensitive configuration file located at ~/.claude/plugins/data/ops-ops-marketplace/preferences.json to access stored integration tokens.
  • [DATA_EXFILTRATION]: The skill reads local credentials and uses curl to transmit them to external API endpoints belonging to services such as Stripe, Slack, and Klaviyo for verification.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the npx command to fetch and execute the @dopplerhq/mcp-server package from the npm registry during a smoke test.
  • [REMOTE_CODE_EXECUTION]: The integration tests involve downloading and running external code via npx, which executes remote logic within the local environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 06:48 AM