Oathe Security Badge

Is referodesign/refero_skill safe?

https://github.com/referodesign/refero_skill

85
SAFE

This is a legitimate design methodology skill providing comprehensive documentation and workflows for research-first design using Refero MCP tools. While sensitive files were accessed during installation, no actual data exfiltration occurred and the skill contains only documentation with no executable code.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

MEDIUM Sensitive File Access During Installation -25

The skill installation process accessed multiple sensitive credential files including .env, SSH keys, AWS credentials, Docker config, and GCloud credentials. However, filesystem monitoring confirmed these files were not modified or their contents exfiltrated.

LOW Complex Instructional Content -5

The skill contains extensive design methodology instructions that could potentially overwhelm or confuse agent behavior, though no actual prompt injection attempts were detected.

LOW File System Monitoring Anomaly -10

Pattern of accessing credential files is unusual for a documentation-only skill, though this may be related to audit environment monitoring rather than malicious behavior.