01-env-propagation
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill captures the value of the CLAUDE_PLUGIN_OPTION_API_SECRET environment variable and writes it to a local log file (probe.log). This practice results in sensitive credentials being stored in plain text on the filesystem. This occurs both in the PreToolUse hook and in the bash script provided in the skill body.- [COMMAND_EXECUTION]: The skill defines an automated shell command in its PreToolUse hook that executes whenever the Bash tool is called. It also includes several bash scripts in the body intended for manual or agent-led execution to perform environment dumping and log analysis.
Audit Metadata