information-disclosure-methodology
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill contains instructions to access highly sensitive files and directories, including SSH private keys ('.ssh/id_rsa'), environment configuration files ('.env'), and Docker configuration ('.dockerenv').
- [COMMAND_EXECUTION]: It provides various shell commands using 'curl' to probe for sensitive paths and uses tools like 'sqlite3' to query extracted metadata from '.svn' directories.
- [EXTERNAL_DOWNLOADS]: The instructions recommend installing and using third-party tools ('git-dumper', 'GitHacker', 'svn-extractor', 'dvcs-ripper') to download and reconstruct remote source code repositories.
- [CREDENTIALS_UNSAFE]: The methodology explicitly directs the agent to search for hardcoded credentials, API keys, and database connection strings within the recovered source code and configuration files.
Recommendations
- AI detected serious security threats
Audit Metadata