brownfield-greenfield
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command to analyze Git churn, which involves piping multiple commands.
- Evidence:
git log --format=format: --name-only | sort | uniq -c | sort -rn | head -30in Phase 1. - [DATA_EXFILTRATION]: The skill explicitly directs the agent to locate and extract sensitive information from the project environment.
- Evidence: "Search for HTTP clients, SDK imports, env vars with URLs/keys" under the 'Integration boundaries' category in Phase 1.
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it ingest large amounts of untrusted data from the analyzed codebase without sanitization.
- Ingestion points: README files, architecture documentation, code comments, and Git commit logs (via the
git logcommand). - Boundary markers: Absent. The skill does not define delimiters or provide instructions to the agent to ignore potentially malicious commands embedded in the project files.
- Capability inventory: The skill possesses file-read capabilities across the entire project directory and the ability to execute shell commands via a subprocess.
- Sanitization: Absent. There is no logic provided to filter or escape the content extracted from the codebase before it is used to influence subsequent analysis phases.
Audit Metadata