steedos-files
Fail
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation in SKILL.md contains literal strings for AWS S3 credentials (AKIAIOSFODNN7EXAMPLE and wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY) within the S3 Configuration section. While these are common documentation examples, they match the structure of sensitive access keys.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data through file uploads, creating a potential vector for indirect prompt injection.
- Ingestion points: Files uploaded to the /api/v6/files/:collectionName endpoint described in SKILL.md.
- Boundary markers: Absent; there are no instructions provided to the agent to treat uploaded content as untrusted or to ignore embedded instructions.
- Capability inventory: The skill enables uploading, downloading, and metadata management for files, providing a path for external data to enter the agent context.
- Sanitization: No mechanisms for validating, sanitizing, or filtering the content of uploaded files are mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata