config-auditing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The skill includes commands to search for and extract credentials like API keys and tokens from user configuration files. Evidence: grep patterns in audit-checklist.md.
- [Dynamic Execution] (MEDIUM): The skill runs the user's init.lua file via Neovim's headless mode to verify configuration integrity, which executes arbitrary code. Evidence: dofile command in SKILL.md.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted configuration files as input without adequate sanitization or boundary markers. Ingestion points: ~/.config/nvim/**/*.lua; Boundary markers: Absent; Capability inventory: Bash tool and nvim; Sanitization: Absent.
Audit Metadata