skills/dzianisv/skills/take-ownership/Gen Agent Trust Hub

take-ownership

Fail

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a 'Persistence Contract' and 'Stop Contract' to override standard agent behavior, forcing the agent to remain in an autonomous loop and resist user attempts to pause or review work. It defines 'Forbidden ask-shapes' to suppress clarifying questions. Furthermore, it is vulnerable to indirect prompt injection as it processes untrusted data from GitHub issues and pull requests (via gh issue view and gh pr diff) and interpolates this content into subagent prompts without sanitization or protective boundary markers.
  • [CREDENTIALS_UNSAFE]: The 'Blocker Resolution Table' and 'Available Tools' sections provide explicit strategies for the agent to harvest sensitive credentials from the host system. It instructs the agent to search for secrets in ~/.env.d/*.env, ~/.ssh/, ~/.aws/, ~/.config/gcloud/, and ~/.kube/. It also specifically directs the agent to use the Bitwarden CLI (bw) to extract passwords and API tokens.
  • [DATA_EXFILTRATION]: The skill creates a direct path for data exfiltration by combining access to sensitive credential files and vaults with network-capable tools such as WebFetch, WebSearch, and the gh CLI. This allows for the harvesting and potential transmission of developer secrets during automated tasks.
  • [COMMAND_EXECUTION]: The agent is granted extensive authority to execute shell commands via the Bash tool, including remote server management (ssh, scp), system-level file access using sudo, and the modification of system configurations.
  • [EXTERNAL_DOWNLOADS]: The skill encourages the agent to automatically resolve missing dependencies by installing software through package managers like apt, brew, npm, pip, and cargo. This practice introduces significant supply chain risks as the agent may download and execute unverified third-party code without human oversight.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 27, 2026, 08:39 PM
Security Audit — agent-trust-hub — take-ownership