unbroker
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Python
subprocessmodule inscripts/cdp.pyto launch local web browsers for automated navigation and inscripts/crypto.pyto manage encryption keys and perform file encryption/decryption using theageutility. Both implementations utilize the list-based argument format which effectively prevents shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The script
scripts/badbool.pyfetches the 'Big-Ass Data Broker Opt-Out List' from a public GitHub repository managed by a known privacy researcher. Additionally,scripts/registry.pyfetches the official Data Broker Registry from the California CPPA government website. These downloads are central to the skill's data-broker coverage and originate from well-known/trusted sources. - [DATA_EXFILTRATION]: As part of its primary function, the skill sends emails containing personal identifiable information (PII) to data brokers to request data removal. The
scripts/emailer.pymodule includes a critical security control that locks the recipient address to only those officially declared in the curated broker database, preventing the agent from being manipulated into sending PII to arbitrary external addresses. - [CREDENTIALS_UNSAFE]: The skill requires
EMAIL_PASSWORDandBROWSERBASE_API_KEYenvironment variables to enable automated email sending and cloud-based browser scanning. The skill follows best practices by instructing users to store these in environment variables or a.envfile rather than hardcoding them. - [DATA_EXPOSURE]: Personal information is stored in dossiers under the user's home directory. The skill enforces restrictive file permissions (
0600) and provides an optional at-rest encryption feature using theagebinary to protect sensitive data from unauthorized local access.
Audit Metadata