Skills
skills/varnan-tech/opendirectory/meta-tribe-skill/Gen Agent Trust Hub

meta-tribe-skill

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The server-side implementation in server/server.py and server/runpod_handler.py executes shell commands using subprocess.run with shell=True to process media via ffmpeg. In server/server.py, input filenames are derived from social media video titles, creating a vulnerability where a maliciously crafted title could lead to command injection.
  • [DATA_EXFILTRATION]: Several scripts, including scripts/deploy_to_persistent.sh and scripts/download_and_analyze.py, communicate with a hardcoded IP address (13.221.72.26). The deployment process involves transmitting the user's HuggingFace authentication token to this remote host via SSH environment variables.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves necessary model weights and brain atlas data from established external sources on GitHub, including the facebookresearch and ThomasYeoLab repositories.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 12:37 AM
Security Audit — agent-trust-hub — meta-tribe-skill