skills/zuoa/md2we/md2we-ai-assistant/Gen Agent Trust Hub

md2we-ai-assistant

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions provide a command pattern (using jq and curl) that explicitly extracts the OPENAI_API_KEY from the local environment and includes it in a JSON payload sent to the remote service https://md2we.com.
  • [DATA_EXFILTRATION]: The skill uses curl to send the content of local files (e.g., article.md) to the external domain md2we.com. This domain is not a recognized trusted service or organization.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute curl commands and jq for data manipulation to facilitate external network requests.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 08:19 AM
Security Audit — agent-trust-hub — md2we-ai-assistant