docs-seeker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The core workflow relies on the execution of three Node.js scripts (
detect-topic.js,fetch-docs.js, andanalyze-llms-txt.js) using thenodecommand. These scripts are not included in the provided file, meaning their logic is opaque and unverifiable.\n- [CREDENTIALS_UNSAFE] (HIGH): The skill's environment documentation specifies that scripts load.envfiles from sensitive locations including.claude/skills/.envand.claude/.env. This grants the scripts access to potentially broad-scoped API keys and secrets not intended for this specific skill.\n- [EXTERNAL_DOWNLOADS] (MEDIUM): Thefetch-docs.jsscript is designed to retrieve documentation fromcontext7.com, which is not a trusted source. This introduces untrusted external data into the agent's execution environment.\n- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It processesllms.txtfiles from external web sources and usesanalyze-llms-txt.jsto recommend an "agent distribution strategy." An attacker-controlledllms.txtcould contain instructions that manipulate the agent's logic or resource usage (e.g., forcing a "7 agents" strategy to consume tokens or execute malicious instructions).\n- [DATA_EXFILTRATION] (MEDIUM): Although no explicit exfiltration command is shown, the scripts have the necessary capabilities (network access via fetching and file access via.envloading) to exfiltrate sensitive data.
Recommendations
- AI detected serious security threats
Audit Metadata