100Critical
The skill poses a significant security risk by attempting to access sensitive credential file paths, indicating potential unauthorized data exfiltration.
Skill Info
Namegoogle-labs-code/design.md/typed-service-contracts
Registrygithub
Version2a19f5dd97ab
PURLpkg:github/google-labs-code/design.md@2a19f5dd97ab?skill=typed-service-contracts
Stars16,010
Installs251
Source
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
251 installs
Skills.shDocs
npx skills add https://github.com/google-labs-code/design.mdAssessments (2)
AI Agent Traps ↗Access to known credential file paths detectedcriticalcredential theftAML.T0055AML.T0037LLM02:2025
Access to known credential file paths detected
100% confidenceline 152
/etc/passwd
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/google-labs-code/design.md/typed-service-contracts)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/google-labs-code/design.md/typed-service-contracts"><img src="https://mondoo.com/ai-agent-security/api/badge/github/google-labs-code/design.md/typed-service-contracts.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/google-labs-code/design.md/typed-service-contracts.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow