First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
7
Score
0/100
Findings (7)
Detects AWS access key IDs
AKIAIOSFODNN7EXAMPLERemove the AWS access key from the skill definition and use environment variables or IAM roles instead. Rotate the exposed key immediately via the AWS console.
Likely FP if the matched string is a placeholder (e.g., AKIAEXAMPLE), a documentation example, or a test fixture key that is not valid.
Detects Google Cloud Platform service account credentials
"type": "service_account"Remove the GCP service account key JSON from the skill. Use Workload Identity Federation or store the key file in a secrets manager. Rotate the key in the GCP IAM console.
Likely FP if the match is documentation explaining GCP authentication setup without an actual private_key field containing a real RSA key.
Detects instructions to decode and execute base64 content
Decode and runRemove text that simulates multi-turn conversations or fake user/assistant message pairs. These patterns attempt to manipulate the agent by fabricating conversation history.
Likely FP if the matched text is documentation showing example conversations or API request/response formats for illustration purposes.
Detects instructions to decode and execute base64 content
base64 near an access key) | `wJalrXUtnFEMI/K7MDENG/Remove text that simulates multi-turn conversations or fake user/assistant message pairs. These patterns attempt to manipulate the agent by fabricating conversation history.
Likely FP if the matched text is documentation showing example conversations or API request/response formats for illustration purposes.
Detects instructions to decode and execute base64 content
base64 JSON header) | `eyJhbGciOiJIUzI1NiIsRemove text that simulates multi-turn conversations or fake user/assistant message pairs. These patterns attempt to manipulate the agent by fabricating conversation history.
Likely FP if the matched text is documentation showing example conversations or API request/response formats for illustration purposes.
Detects webhook URLs commonly used for data exfiltration
https://webhook.siteRemove or restrict the ability to read sensitive files (e.g., /etc/passwd, ~/.ssh/*, browser profiles) and transmit their contents over the network. Add file access controls.
Likely FP if the match is in documentation explaining what files the tool accesses for legitimate purposes (e.g., reading SSH config for connection setup).
Skill can read private data (credentials, SSH keys, env vars) AND write to public channels (Slack, Discord, email). This combination enables data exfiltration.
[reads_private_data] load credentials + [writes_public_output] discord.com/api/webhooks/Break the toxic data flow by adding validation and sanitization between the input source and the sensitive operation. Do not pass untrusted data directly to file system, network, or execution APIs.
Likely FP if the data flow involves only trusted, hardcoded values and the taint analysis over-approximated the untrusted input sources.