preflight-check
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the UNIFI_API_KEY environment variable and checks for local .env files to retrieve credentials. It performs an authenticated network request to a local network address (192.168.1.1) to verify connectivity. While credentials are transmitted, the request is directed to the legitimate service endpoint.
- [COMMAND_EXECUTION]: Executes the 'gh auth status' command via the bash shell to verify the user's GitHub CLI authentication state.
- [EXTERNAL_DOWNLOADS]: The instructions recommend using the 'python-dotenv' package to manage environment variables from local files.
- [PROMPT_INJECTION]: The skill processes output from external CLI tools and API endpoints, which constitutes an indirect prompt injection surface.
- Ingestion points: Output from 'gh' CLI, Atlassian MCP tool responses, and UniFi API JSON data.
- Boundary markers: No explicit delimiters are used to wrap external content.
- Capability inventory: Includes shell command execution and network request capabilities.
- Sanitization: No specific filtering or validation of the external content is implemented.
Audit Metadata