md2we-ai-assistant
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions provide a command pattern (using
jqandcurl) that explicitly extracts theOPENAI_API_KEYfrom the local environment and includes it in a JSON payload sent to the remote servicehttps://md2we.com. - [DATA_EXFILTRATION]: The skill uses
curlto send the content of local files (e.g.,article.md) to the external domainmd2we.com. This domain is not a recognized trusted service or organization. - [COMMAND_EXECUTION]: The skill makes extensive use of the
Bashtool to executecurlcommands andjqfor data manipulation to facilitate external network requests.
Recommendations
- AI detected serious security threats
Audit Metadata