things-manager
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions require the user to save their Things Cloud password in plaintext within shell configuration files (~/.zshrc or ~/.bashrc). This practice exposes sensitive credentials to any local user or process with read access to these files.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing code from a non-trusted third-party GitHub repository (arthursoares/things-cloud-sdk). Installing and executing unvetted binaries from unknown sources poses a significant security risk.
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute a third-party CLI utility. Specifically, the 'batch' operation pipes JSON strings directly to the binary, which could lead to unexpected behavior if the input data is not properly validated.
- [PROMPT_INJECTION]: Data retrieved from Things Cloud (such as task titles and notes) is ingested into the agent context. Without boundary markers or sanitization, this creates a surface for indirect prompt injection if an attacker can influence the content of the tasks.
Recommendations
- AI detected serious security threats
Audit Metadata