context-gap-analyzer
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to locate and document sensitive configuration sources and secrets management infrastructure, specifically mentioning environment variables and files such as
.envand.env.local. Accessing or cataloging these locations exposes sensitive credential management storage to the agent. - Evidence:
SKILL.mdPhase 1, Layer 3 ('Environment variables / secrets management' and 'Config injection' sections). - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it systematically ingests untrusted data from the repository and integrates results back into codebase files.
- Ingestion points: Repository-wide file scans, technology fingerprinting, and codebase topology mapping described in Phases 1, 2, and 3 of
SKILL.md. - Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore embedded instructions within the files being scanned.
- Capability inventory: The skill utilizes file-read capabilities across the repository (Phases 1-3) and file-write capabilities to modify existing context files (e.g.,
AGENTS.md,.cursorrules) or create new tracking files (Phase 6) inSKILL.md. - Sanitization: Absent; there is no mention of escaping, validating, or filtering the external content ingested from the codebase.
- [NO_CODE]: No external scripts, executables, or code files are shipped with this skill; it consists entirely of natural language instructions in the markdown body.
Audit Metadata