provider-utilization-scorecard
Fail
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill modifies system persistence by installing recurring background tasks. The command bash scripts/cron/setup-cron.sh --replace explicitly modifies the user's crontab to schedule the provider-utilization-refresh task.
- [COMMAND_EXECUTION]: It executes multiple local scripts using shell and python runtimes. Commands include bash scripts/cron/provider-utilization-refresh.sh, uv run scripts/ai/credit-utilization-tracker.py, and scripts/ai/assessment/query-quota.sh.
- [DATA_EXFILTRATION]: The skill accesses potentially sensitive local data, specifically the agent's usage history and session logs (~/.agent-usage/weekly-log.jsonl and logs/orchestrator/...), to compute utilization metrics.
- [PROMPT_INJECTION]: Vulnerability surface for Indirect Prompt Injection. The skill ingests data from external logs and uses it to drive an automated "Dispatch rule" for future work.
  - Ingestion points: logs/orchestrator/{Codex,codex,hermes,gemini}/session_*.jsonl.
  - Boundary markers: None specified; log data is processed directly for scorecard generation and routing.
  - Capability inventory: Includes shell command execution, file writing, and crontab modification.
  - Sanitization: No sanitization or validation of the ingested log content is described before it influences the automated dispatching logic.
Recommendations
- AI detected serious security threats
Audit Metadata