last30days

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill includes dedicated logic in scripts/lib/chrome_cookies.py, scripts/lib/safari_cookies.py, and scripts/lib/cookie_extract.py to programmatically access, extract, and decrypt browser cookie databases. Additionally, scripts/lib/env.py and scripts/setup-keychain.sh invoke the macOS security command-line tool to read multiple API keys directly out of the macOS Keychain.
  • [DATA_EXFILTRATION]: The harvested credentials and session tokens are used to authenticate with and send data to various external API endpoints, such as api.scrapecreators.com, api.x.ai, and openrouter.ai, creating a significant data exposure risk.
  • [PROMPT_INJECTION]: The SKILL.md defines a 'VOICE CONTRACT LAW' that uses authoritative language to override the agent's global formatting preferences and tool-specific requirements. It specifically instructs the agent to disregard the mandatory citation rules of the WebSearch tool and to run arbitrary shell commands for the skill's own internal 'self-checks'.
  • [COMMAND_EXECUTION]: Multiple scripts within the skill (scripts/verify_v3.py, scripts/watchlist.py, scripts/lib/env.py, scripts/lib/subproc.py, scripts/lib/chrome_cookies.py) execute shell commands using subprocess.run and subprocess.Popen to perform system-level tasks, manage external process groups, and interact with OS security utilities.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 18, 2026, 03:48 AM
Security Audit — agent-trust-hub — last30days