dev-security-audit
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to locate and read highly sensitive credential files, including AWS access keys (~/.aws/credentials), GCP/Azure tokens, and SSH private keys (~/.ssh/id_*). Accessing these paths constitutes high-severity data exposure as the content enters the agent's execution context.
- [COMMAND_EXECUTION]: The workflow relies on executing a wide range of shell commands for system inventory and auditing, including find, grep, launchctl, and osascript. This includes scanning system-level paths and user-space application data.
- [REMOTE_CODE_EXECUTION]: The Phase 0 'Supply Chain IoC Dispatch' implements a dynamic execution pattern where shell commands are loaded from external markdown files (references/cases/*.md) and executed at runtime. This allows for arbitrary command execution based on the results of the 'Dispatch Algorithm'.
- [DATA_EXFILTRATION]: Phase 2 targets local databases of Electron-based applications (such as Slack, VS Code, and Discord) to extract session tokens and authentication secrets from LevelDB files.
- [DATA_EXFILTRATION]: The skill explicitly scans for and enumerates browser 'Login Data' and cookies across Chrome, Firefox, and Arc, which contain saved credentials and session identifiers.
- [REMOTE_CODE_EXECUTION]: The skill performs shell history scanning using regex patterns to extract service tokens (OpenAI, Anthropic, GitHub, etc.), exposing these secrets during the audit process.
Recommendations
- AI detected serious security threats
Audit Metadata