zergboard-skill

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE]: The attach command in zergboard_skill.py allows reading local files and uploading them to the Zergboard REST API. If the agent is manipulated into specifying a sensitive file path (e.g., ~/.ssh/id_rsa or .env files), this functionality could be used to exfiltrate private credentials to the remote server.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from an external source (the Zergboard API), creating a surface where an attacker with access to a board could embed instructions to influence the agent's behavior.
  • Ingestion points: zergboard_skill.py fetches data such as card titles, descriptions, and comments from several API endpoints (e.g., /api/me/cards, /api/search/cards, /api/cards/{id}/comments).
  • Boundary markers: Absent. The script emits raw JSON output to the agent without delimiters or warnings to ignore instructions within the data.
  • Capability inventory: The skill includes network operations via urllib.request and local file read capabilities in the cmd_attach function.
  • Sanitization: Absent. API responses are parsed and returned to the agent without filtering or escaping content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:06 AM
Security Audit — agent-trust-hub — zergboard-skill