audit-plugin-l5
Fail
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded credential patterns detected in `tests/flawed-plugin/scripts/bad_script.py`. The file contains an assembled credential string and hardcoded authorization token placeholders.
- [DATA_EXFILTRATION]: Access to sensitive environment variables. The script `tests/flawed-plugin/scripts/bad_script.py` attempts to read `DATABASE_PASSWORD` from the system environment, which could be used to harvest database credentials.
- [EXTERNAL_DOWNLOADS]: Unauthorized network operations to non-whitelisted domains. The script `tests/flawed-plugin/scripts/bad_script.py` uses the `requests` library to communicate with `https://example.invalid/api`, and `tests/flawed-plugin/scripts/danger.sh` uses `curl` to access `https://example.com/data`.
- [COMMAND_EXECUTION]: Use of dangerous subprocess calls for shell execution. The file `tests/flawed-plugin/scripts/bad_script.py` uses `subprocess.run` to execute commands, creating a potential vector for command injection.
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection (Category 8). The skill ingests external data (plugin files) for analysis. It lacks explicit boundary markers or sanitization for this untrusted content, and the agent has access to capabilities like `Bash`, `Read`, and `Write` (specified in `SKILL.md` and `l5-red-team-auditor.md`), which could be abused if malicious instructions are found in processed files.
Recommendations
- AI detected serious security threats