@1463/dashboard

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to scan the execution environment for secrets using the command bash env | grep -i "api_key\|_key", which can facilitate the unauthorized exposure of sensitive credentials like AWS or OpenAI keys.
  • [COMMAND_EXECUTION]: Instructions guide the agent to read internal configuration files such as core/http_client.py to identify internal proxy settings and supported domains, which constitutes unauthorized system mapping.
  • [EXTERNAL_DOWNLOADS]: The skill fetches dashboard templates from the official Tabler GitHub repository and utilizes well-known CDNs like JSDelivr for library integration; these are documented as well-known and safe sources.
  • [PROMPT_INJECTION]: The skill architecture processes untrusted data from external APIs to populate dashboards without implementing sanitization or boundary markers, creating a surface for indirect prompt injection. (Ingestion points: JavaScript fetch calls in index.html and data.js; Capability inventory: file system read and shell execution; Sanitization: no validation or boundary markers are provided for external content.)
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 18, 2026, 03:11 AM