secrets
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill provides a script scripts/scan_secrets.py and instructions for the agent to execute it to scan the project directory for hardcoded secrets. The script is written in plain Python and uses standard libraries to perform regex-based searches. It does not perform any network operations or system modifications.
- EXTERNAL_DOWNLOADS (SAFE): The references guide users to install standard, well-vetted libraries like python-dotenv and dotenv for environment variable management from official repositories.
- INDIRECT PROMPT INJECTION (LOW): The scan_secrets.py utility reads content from the user's codebase and reports findings back to the agent. This creates a surface where a malicious file in the project could contain a prompt injection designed to be read by the scanner. Evidence Chain: (1) Ingestion points: scan_file in scripts/scan_secrets.py. (2) Boundary markers: Absent in the script's standard output. (3) Capability inventory: Local file read via Path.read_text. (4) Sanitization: Content is truncated to 120 characters.
Audit Metadata