Skills
skills/nostrband/servicegraph/find-seo-agency/Gen Agent Trust Hub

find-seo-agency

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The instructions explicitly direct the agent to access and read local sensitive files, specifically .env and .env.local, to search for a SERVICEGRAPH_TOKEN.
  • [CREDENTIALS_UNSAFE]: The skill mandates that the agent use any discovered token immediately and without user consent, stating 'If you find it, use it; don't ask.'
  • [COMMAND_EXECUTION]: The skill provides shell command patterns for the agent to execute, such as calculating a firm_id handle using openssl and sha256 hash functions on a domain name.
  • [DATA_EXFILTRATION]: The agent is instructed to transmit the extracted API token and user-related data to an external endpoint (https://api.servicegraph.co) via HTTP requests.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 8, 2026, 08:53 AM
Security Audit — agent-trust-hub — find-seo-agency