sensitive-content-scanner
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
- Data Exposure (MEDIUM): The skill instructs the agent to read and process content from highly sensitive file paths to perform its 'scan' function. This includes ~/.claude/sensitive-content-context.md (which is intended to contain PII and secrets) and patterns for credentials like ~/.aws/credentials and private keys. While this is the primary purpose of the skill, it creates a risk where sensitive data is loaded into the LLM's context window. Per the security guidelines, this finding is downgraded from HIGH to MEDIUM as it is the skill's primary intended purpose.
- Indirect Prompt Injection (LOW): The skill defines a workflow to ingest and process arbitrary data from the user's local filesystem. This creates a surface for indirect prompt injection if the scanned files contain malicious instructions.
  - Ingestion points: Phase 2 (File Discovery) and Phase 3 (Pattern Scanning) read and analyze the content of files provided at a user-specified path.
  - Boundary markers: Absent. There are no instructions directing the agent to ignore or delimit instructions found within the files being scanned.
  - Capability inventory: The agent is expected to use its internal file-reading tools to process the content.
  - Sanitization: Absent. The skill does not describe any methods for escaping or sanitizing content before the agent processes it.
- No Code (SAFE): This skill contains no executable scripts or binary files, consisting entirely of markdown instructions and YAML metadata.