last30days
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes dedicated logic in `scripts/lib/chrome_cookies.py`, `scripts/lib/safari_cookies.py`, and `scripts/lib/cookie_extract.py` to programmatically access, extract, and decrypt browser cookie databases. Additionally, `scripts/lib/env.py` and `scripts/setup-keychain.sh` utilize the system `security` tool to harvest multiple API keys directly from the macOS Keychain.
- [DATA_EXFILTRATION]: The harvested credentials and session tokens are used to authenticate with and send data to various external API endpoints, such as `api.scrapecreators.com`, `api.x.ai`, and `openrouter.ai`, creating a significant data exposure risk.
- [PROMPT_INJECTION]: The `SKILL.md` defines a 'VOICE CONTRACT LAW' that uses authoritative language to override the agent's global formatting preferences and tool-specific requirements. It specifically commands the agent to disregard mandatory citation rules from the `WebSearch` tool and run arbitrary shell commands for its own internal 'self-checks'.
- [COMMAND_EXECUTION]: Multiple scripts within the skill (`scripts/verify_v3.py`, `scripts/watchlist.py`, `scripts/lib/env.py`, `scripts/lib/subproc.py`, `scripts/lib/chrome_cookies.py`) execute shell commands using `subprocess.run` and `subprocess.Popen` to perform system-level tasks, manage external process groups, and interact with OS security utilities.
Recommendations
- AI detected serious security threats
Audit Metadata