spec-miner
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions in 'references/analysis-checklist.md' and 'references/analysis-process.md' explicitly direct the agent to locate and analyze environment configuration files using the pattern '**/.env*'. These files typically contain sensitive information such as API keys and database credentials.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted source code.
  - (1) Ingestion points: Source code files are read via 'Read', 'Grep', and 'Glob' tools as defined in the 'SKILL.md' workflow.
  - (2) Boundary markers: The skill lacks explicit instructions to treat code content as untrusted data or use delimiters to prevent the agent from obeying instructions hidden within code comments or metadata.
  - (3) Capability inventory: The agent has access to the 'Bash' tool, enabling a high-privilege execution environment.
  - (4) Sanitization: There is no evidence of sanitization or filtering of the analyzed code content before processing.
- [COMMAND_EXECUTION]: The skill is configured to use the 'Bash' tool to execute shell-based exploration commands, specifically the 'Grep' and 'Glob' patterns provided in the 'references/analysis-process.md' guide.