Skills
skills/glebis/claude-skills/sorted/Gen Agent Trust Hub

sorted

Fail

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive local credential storage. It specifically reads the Telegram configuration file at ~/.telegram_dl/config.json to retrieve api_id and api_hash secrets, and references the user's Chrome Beta profile directory (~/.chrome-beta-profile) which stores persistent session tokens and cookies.
  • [CREDENTIALS_UNSAFE]: The skill contains hardcoded financial and tax identifiers. A German IBAN, Tax Number, and VAT-ID are embedded in the clear within the instructions.
  • [DATA_EXFILTRATION]: The skill implements automated network transmission of local documents. It includes a Python script template designed to read invoice PDFs from the local system and send them externally using the Telegram protocol.
  • [COMMAND_EXECUTION]: The skill executes the agent-browser CLI tool to perform browser automation tasks on the local machine.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 6, 2026, 09:28 PM