skills/kidow/skills/setup-aeo-geo/Gen Agent Trust Hub

setup-aeo-geo

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Access to sensitive configuration files.
      • The skill instructs the agent to "Detect site stack" by inspecting wp-config.php, package.json, and composer.json (Phase 3). Accessing wp-config.php is high-risk because it typically contains database credentials and other sensitive environment secrets.
  • [COMMAND_EXECUTION]: Execution of local scripts.
      • The workflow requires the execution of scripts/calculate-share.py and scripts/track-trend.py to process data. While these scripts perform legitimate data aggregation, they have the capability to write files to the reports/ directory.
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability.
      • The skill processes untrusted data from user interviews and CSV files which is then included in generated reports.
      • Ingestion points: User input from interviews (Phase 2) and CSV templates (share-tracker.csv, monitoring.csv) in Phase 1 and 3.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when the agent processes this data.
      • Capability inventory: The agent has the capability to write files to the filesystem using the provided Python scripts.
      • Sanitization: There is no evidence of sanitization or escaping for data interpolated into the markdown reports, allowing an attacker to inject malicious instructions via CSV fields.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 27, 2026, 03:50 PM