manage-apps-and-sounds-headless
Fail
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: Explicit instructions to bypass system-level network security controls.
  - Evidence: The skill documentation instructs the agent to use `env -u HTTPS_PROXY -u HTTP_PROXY` and `curl --noproxy '*'` to intentionally circumvent sandbox proxy restrictions.
  - Impact: This allows the agent to establish unmonitored network connections, bypassing organizational security filters and traffic logging.
- [CREDENTIALS_UNSAFE]: Sensitive account credentials are exported into the shell environment.
  - Evidence: The script fetches and exports Pushover login emails and passwords using `export PO_EMAIL` and `export PO_PW`.
  - Impact: Placing raw credentials in environment variables makes them accessible to any subprocess and potentially exposes them in process listings or system logs.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and processing of arbitrary remote content.
  - Evidence: The helper script `make_custom_sound.sh` accepts a `<url>` parameter to fetch MP3 files from external sources.
  - Impact: Processing untrusted remote files through media processing pipelines (likely FFmpeg) without explicitly documented sanitization creates an attack surface for media-based exploit vectors.
- [DATA_EXFILTRATION]: Capability to extract and transmit sensitive API tokens outside of monitored channels.
  - Evidence: The `WEB create-app` command is designed to capture and reveal 30-character API tokens.
  - Impact: Combined with the proxy bypass instructions, this capability allows a malicious actor to exfiltrate newly generated access tokens to an external endpoint without detection.
Recommendations
- AI detected serious security threats