Skill Trust Decision

cogdx-health

Documentation-only skill that sends agent conversation history to an external third-party API without clear data handling policies or declared allowed-tools.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026
Files 2
Artifacts 1
Violations 0
Findings 3

Why this conclusion was reached

0/4 dimensions flagged

Pass · Declared vs actual capability
Declared resources and inferred behavior are broadly aligned.

Review · Hidden execution and egress
1 lower-risk artifact was extracted and still needs context.

Pass · Attack chain and severe findings
There is no explicit malicious chain in the report.

Review · Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

Missing allowed-tools declaration +15

SKILL.md has no allowed-tools mapping despite performing network requests

Undeclared data exfiltration +20

Sends full conversation history (prompts/responses) to external api.cerebratech.ai without clear data handling disclosures

Third-party data collection +10

Agent outputs containing user inputs routed to unknown third party with no privacy policy referenced

Most important evidence

Medium Doc Mismatch

Missing allowed-tools declaration

SKILL.md lacks allowed-tools metadata declaration. Despite this, the skill performs network requests to api.cerebratech.ai. The skill metadata should explicitly declare network:READ permission.

SKILL.md:1
Add 'allowed-tools: Bash' or appropriate tool declaration if this skill will be implemented with code.

Medium Data Exfil

Conversation data sent to external third-party API

The skill sends 10-20 recent agent outputs (including user prompts and agent responses) to api.cerebratech.ai. This effectively exfiltrates conversation context to an external party without clear data retention, privacy, or consent policies documented.

SKILL.md:32
Document data handling practices, add privacy policy reference, and warn users that their prompts/responses will be sent to an external service.

Low Supply Chain

External service dependency on Cerebratech

The skill depends entirely on an external API (api.cerebratech.ai). If this service goes down, is compromised, or changes terms, the skill becomes non-functional. No fallback or local alternative exists.

SKILL.md:32
Consider documenting reliability expectations or offering a local analysis mode.

Declared capability vs actual capability

Network · Pass · Declared NONE · Inferred READ · SKILL.md:32 POST https://api.cerebratech.ai/cogdx-health
Filesystem · Pass · Declared NONE · Inferred NONE · N/A - no file operations
Shell · Pass · Declared NONE · Inferred NONE · N/A - no shell execution
Environment · Pass · Declared NONE · Inferred NONE · N/A - no env access
Skill Invoke · Pass · Declared NONE · Inferred NONE · N/A - no skill chaining
Clipboard · Pass · Declared NONE · Inferred NONE · N/A - no clipboard access
Browser · Pass · Declared NONE · Inferred NONE · N/A - no browser usage
Database · Pass · Declared NONE · Inferred NONE · N/A - no DB access

Suspicious artifacts and egress

Medium External URL
https://api.cerebratech.ai/cogdx-health

SKILL.md:25

Dependencies and supply chain

There are no structured dependency warnings.

File composition

2 files · 155 lines
Markdown 2 files · 155 lines
Files of concern · 1
SKILL.md Markdown · 84 lines
Missing allowed-tools declaration · Conversation data sent to external third-party API · External service dependency on Cerebratech · https://api.cerebratech.ai/cogdx-health
Other files · api.md

Security positives

No executable code present - skill is documentation only
API endpoint and data format are fully documented
No obfuscated code, base64 payloads, or suspicious patterns detected
No credential harvesting, SSH key access, or sensitive file operations
No reverse shell, C2, or direct IP-based malicious communication
Skill purpose is transparent (cognitive health assessment)
MIT license declared with author attribution