agent-job-secrets
Warn
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is explicitly designed to retrieve and display sensitive credentials (API keys, OAuth tokens) to the console. This makes these secrets available in the agent's context, where they could be exfiltrated through subsequent agent actions or if the agent is compromised.
- [COMMAND_EXECUTION]: Executes a Node.js script (
agent-job-secrets.js) that performs authenticated network requests. It uses anAGENT_JOB_TOKENpassed via environment variables to communicate with a dynamicAPP_URL. - [DATA_EXFILTRATION]: The
AGENT_JOB_TOKEN(a sensitive credential) is sent as anx-api-keyheader to any URL specified in theAPP_URLenvironment variable. IfAPP_URLis misconfigured or pointed to a malicious endpoint, this token could be harvested. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input (the secret key name) which is used to construct a network request.
- Ingestion points: The
getsubcommand inagent-job-secrets.jsaccepts a user-provided key name from the command-line arguments (rest[0]). - Boundary markers: No specific boundary markers or instructions to disregard potential instructions within the input are provided.
- Capability inventory: The script performs network GET requests using
fetchand outputs the resulting secret value directly to standard output. - Sanitization: The input key is sanitized using
encodeURIComponentbefore being appended to the request URL.
Audit Metadata