cook-the-blog

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGH
Flags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill workflow clones a user-specified repository and executes build commands (npm install && npm run build) within it. This allows for arbitrary code execution if the repository is malicious or compromised.
  • [CREDENTIALS_UNSAFE]: The skill requires multiple sensitive secrets, including GitHub Personal Access Tokens, Google Cloud Service Account keys, and email App Passwords. These are passed through shell environment variables and file redirections, increasing the risk of exposure to local logs or other processes.
  • [COMMAND_EXECUTION]: The agent is instructed to perform extensive shell operations, including cloud storage transfers (gsutil), Git management, and dynamic Python script execution for email notifications. This broad shell access increases the attack surface for command injection.
  • [EXTERNAL_DOWNLOADS]: The skill relies on downloading several external CLI tools and packages from public registries at runtime, creating a supply chain risk.
  • [DATA_EXFILTRATION]: The skill combines access to sensitive credential files with the ability to perform network requests and push to remote repositories, providing a potential mechanism for exfiltrating sensitive data if the agent's instructions are subverted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 15, 2026, 05:50 PM
Security Audit — agent-trust-hub — cook-the-blog