securing-container-registry-with-harbor

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
Finding categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded credentials (admin:Harbor12345) are used throughout SKILL.md in example commands and as default values within the main function of scripts/agent.py.
  • [COMMAND_EXECUTION]: The script scripts/process.py explicitly disables SSL certificate verification (ssl.CERT_NONE) and hostname checking. This practice exposes the agent and the user to Man-in-the-Middle (MitM) attacks when interacting with Harbor APIs.
  • [COMMAND_EXECUTION]: The skill relies on several external CLI tools (helm, cosign, curl) and executes shell-based logic for registry configuration and validation.
  • [DATA_EXFILTRATION]: Both scripts/agent.py and scripts/process.py perform outbound network requests to arbitrary URLs provided as arguments. While this is the primary function of the audit tool, the lack of URL validation or whitelisting could allow the scripts to be used for SSRF-like probing of internal infrastructure.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 13, 2026, 12:40 PM