investigator
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to perform an "Environment Audit" (Use Case 3, Subagent 3) which involves checking local environment variables and the
.envfile. These paths are considered sensitive because they are standard locations for storing API keys, tokens, and other secrets. - [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting and acting upon untrusted data from the project environment without adequate isolation.
- Ingestion points: Reads documentation (
README.md,AGENT.md), system/build logs, and version control history (git log). - Boundary markers: The skill does not specify the use of delimiters or instructions for the agent to ignore embedded commands within the ingested text.
- Capability inventory: The skill utilizes file reading, project-wide search, and version control commands (
git). - Sanitization: No sanitization or validation of external content is performed before the data is processed or synthesized into reports.
- [COMMAND_EXECUTION]: The skill uses shell-based commands, specifically
git log -n 5, to retrieve historical context. While standard for development, this represents an active capability that could be targeted via malicious data in the repository.
Audit Metadata