shared-bug-investigation
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to access sensitive file paths during the project context discovery phase. Specifically, it suggests viewing '.env', 'config.yml', and 'settings.py' files. Accessing these files can expose secrets, API keys, and environment-specific credentials to the agent's context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest untrusted data from various external sources.
  - Ingestion points: The agent is instructed to read project files (e.g., 'package.json', '.env') and user-provided error messages, logs, and stack traces (SKILL.md, Phase 1 & 2).
  - Boundary markers: There are no delimiters or specific instructions to ignore embedded commands or instructions when processing this data.
  - Capability inventory: The agent has the capability to execute shell commands like 'view' to read files from the filesystem (SKILL.md, Phase 1).
  - Sanitization: No sanitization, validation, or filtering of the external content is performed before the agent processes and interprets it.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to inspect local project files for discovery. While intended for debugging, this provides an execution surface that could be exploited if the agent is influenced by malicious data from the files it reads.
Audit Metadata