general
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform codebase exploration and task execution using shell commands such as `grep`, `find`, `glob`, `wc`, and `cargo tree`. These are used to analyze code structure, patterns, and dependencies.
- [CREDENTIALS_UNSAFE]: The documentation identifies `.env` files as part of the project's configuration structure and as a common target for search and exploration. This poses a risk of exposing sensitive credentials or environment variables contained within those files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as its workflow involves ingesting untrusted data from an external codebase and provides the agent with capabilities to execute shell commands and modify files.
  - Ingestion points: File discovery and content search using `glob`, `grep`, and `find` in SKILL.md.
  - Boundary markers: No delimiters or instructions to ignore embedded commands in the ingested files are specified.
  - Capability inventory: Shell command execution via a bash tool and file modification capabilities via edit/write tools.
  - Sanitization: No sanitization or validation of the content read from files is described.
Audit Metadata