steedos-builder6-api
Warn
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, DATA_EXFILTRATION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The authentication documentation for the `/api/v6/auth/login` endpoint includes a hardcoded password example (`password123`). While this is likely a placeholder, it matches static credential exposure patterns.
- [DATA_EXFILTRATION]: The login endpoint supports a `redirect_to` parameter, which represents a potential surface for open redirect attacks if the destination is not properly validated by the backend service.
- [COMMAND_EXECUTION]: The documentation describes a Direct MongoDB API (`/api/v6/direct/`) which provides administrative CRUD access to database records while explicitly bypassing standard permission checks.
Audit Metadata