tech-decision

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill explicitly includes environment files in its codebase scan by using the grep command with the --include="*.env*" flag. Environment files are standard locations for sensitive data such as API keys, database credentials, and private tokens. Searching these files risks exposing secrets in the generated reports or within the agent's context.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by ingesting and processing content from various codebase files (TypeScript, Python, Markdown, etc.). Malicious instructions placed in these files could influence the agent's technical analysis or recommendations.
    • Ingestion points: Codebase context is gathered using grep and cat operations on project files.
    • Boundary markers: No delimiters or instructions are used to separate untrusted codebase content from the agent's internal logic.
    • Capability inventory: The skill can execute shell commands via bash and write files to the local file system.
    • Sanitization: There is no evidence of content sanitization or filtering of the ingested file data.
  • [COMMAND_EXECUTION]: The skill employs bash to manage the project-decisions directory, write analysis results to markdown files, and dynamically generate an index file. While these are functional requirements, they utilize command execution capabilities on the host system.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 9, 2026, 10:15 PM