env-secrets-manager
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill utilizes the eval command to process environment variables fetched from HashiCorp Vault. Executing shell commands generated from external data sources is a risky pattern, although the risk is partially mitigated by the use of shell-escaping filters in the data processing pipeline.
- [DATA_EXFILTRATION]: The skill is designed to handle and scan for sensitive credentials, including AWS keys, Stripe tokens, and private keys. It contains scripts that read local files and git history to identify these secrets, which involves processing sensitive data within the agent context.
- [COMMAND_EXECUTION]: The skill provides several bash and Python scripts that perform system-level operations, such as git history scanning, directory traversing with grep, and executing commands via external CLI tools like vault, aws, and doppler.
- [PROMPT_INJECTION]: The skill possesses an indirect injection surface as it processes untrusted content from git logs and environment files. Ingestion points: git history scanner in SKILL.md. Boundary markers: Absent. Capability inventory: Subprocess execution and file writing. Sanitization: Partial shell-escaping via jq in Vault integration, but absent in other scripts.
Audit Metadata