Security Scanner
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Vulnerable to indirect prompt injection. The scanner reads untrusted file content from the workspace and reflects matching lines back to the agent. An attacker could embed instructions within a dummy 'secret' (e.g., in a code comment) that the agent might obey when processing the scan report.
- Evidence Ingestion: scripts/scan_secrets.sh reads workspace files via grep and git grep.
- Evidence Boundary Markers: None. Raw line matches are displayed.
- Evidence Capability: The agent's reasoning is influenced by the tool's output.
- Evidence Sanitization: None. Content is passed directly from files to output.
- [DATA_EXFILTRATION] (MEDIUM): Facilitates sensitive data exposure. The skill's core purpose is to extract secrets (API keys, passwords, database URLs) and display them in the assistant's context. This moves credentials from potentially secure files into cleartext chat history.
- [COMMAND_EXECUTION] (LOW): The skill executes a local shell script. The script is well-structured, uses standard binaries (grep, git), and implements set -euo pipefail for safety, though it does interact with the local filesystem extensively.
Audit Metadata