default-cred-sweep
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No instructions were found that attempt to override agent behavior or bypass safety guidelines.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill lists public default credentials but does not expose hardcoded secrets or sensitive user data. No network exfiltration patterns were detected.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: No automated downloads or remote script executions are present. The skill suggests using 'ccupp', a standard security tool, for manual dictionary generation.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a methodology for manual analysis of service responses; it lacks automated ingestion of untrusted data and executable capabilities, presenting no significant indirect injection surface.
- [SAFE]: All content is documented as standard security auditing practice without malicious intent or obfuscation.
Audit Metadata