stack-audit

Warn

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions explicitly direct the agent to scan sensitive files including .env, docker-compose.yml, terraform/ directories, and secrets in CI/CD configurations. Accessing these files is necessary for the audit purpose but results in the ingestion of sensitive infrastructure and credential data into the agent's context.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from project files (e.g., README.md, source code, and documentation) which can harbor malicious instructions intended to manipulate the audit output or agent behavior.
      • Ingestion points: Project files listed in the scanning process, including manifests, configuration files, and documentation.
      • Boundary markers: The skill lacks delimiters or specific instructions to ignore embedded commands within the ingested content.
      • Capability inventory: The skill requires comprehensive read access to the project's file system.
      • Sanitization: No validation or sanitization of the content extracted from audited files is performed before processing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 19, 2026, 07:31 AM