zergboard-skill
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE]: The
attachcommand inzergboard_skill.pyallows reading local files and uploading them to the Zergboard REST API. If the agent is manipulated into specifying a sensitive file path (e.g.,~/.ssh/id_rsaor.envfiles), this functionality could be used to exfiltrate private credentials to the remote server. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from an external source (the Zergboard API), creating a surface where an attacker with access to a board could embed instructions to influence the agent's behavior.
- Ingestion points:
zergboard_skill.pyfetches data such as card titles, descriptions, and comments from several API endpoints (e.g.,/api/me/cards,/api/search/cards,/api/cards/{id}/comments). - Boundary markers: Absent. The script emits raw JSON output to the agent without delimiters or warnings to ignore instructions within the data.
- Capability inventory: The skill includes network operations via
urllib.requestand local file read capabilities in thecmd_attachfunction. - Sanitization: Absent. API responses are parsed and returned to the agent without filtering or escaping content.
Audit Metadata