laohan-shencha

Fail

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is configured to scan sensitive files, specifically including .env and shell configuration files, to extract environment variables and potential secrets (e.g., OPENAI_API_KEY) using the regular expression \b[A-Z_]{3,}\b.
  • [COMMAND_EXECUTION]: The skill utilizes several command-line utilities to perform network-based verification, including curl, gh (GitHub CLI), npm, pip, and docker. These tools are invoked with arguments extracted directly from user-provided workspace files, which could lead to command injection if the files are maliciously crafted.
  • [DATA_EXFILTRATION]: The skill scans for and extracts system-level file paths (e.g., ~/.config/, /etc/nginx/conf.d/) and API endpoints from the user's workspace, which are subsequently used as inputs for network verification tools, creating a risk of information disclosure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from a wide variety of workspace files (scripts, documentation, configuration) and uses the extracted content to drive high-capability tools and perform file-write operations (Phase 4: Repair) without explicit sanitization or effective boundary markers.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use gh api and potentially set or use GITHUB_TOKEN or GH_TOKEN environment variables for authentication, which involves handling sensitive credentials within the execution environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 12, 2026, 11:04 PM
Security Audit — agent-trust-hub — laohan-shencha