Skills
skills/qfeius/contract-cli/auth/Gen Agent Trust Hub

auth

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute contract-cli commands such as 'config add' and 'auth login' to manage environments and user/bot sessions in SKILL.md.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive data including app secrets and access tokens. It provides security guidelines to avoid displaying these in plain text and recommends using environment variables for bot credentials in SKILL.md.
  • [DATA_EXFILTRATION]: The skill reads and writes to ~/.contract-cli/config.json and ~/.contract-cli/secrets.json to store session tokens and configuration. Mandatory Evidence Chain for Category 8: 1. Ingestion points: ~/.contract-cli/config.json (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: contract-cli command execution (SKILL.md). 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 02:49 AM
Security Audit — agent-trust-hub — auth