scan-project-structure
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The instructions for Phase 3 (Target Sections) explicitly direct the agent to extract 'Credentials (if in docker-compose)' and place them in the 'Infrastructure Ports' table of the reference document.
- [DATA_EXFILTRATION]: The skill automates the collection of sensitive architectural information, including port mappings and service configurations from files like appsettings.json, launchSettings.json, and docker-compose.yml, and writes them to persistent documentation files and report files, resulting in the exposure of sensitive infrastructure details.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it performs broad filesystem scans (Phase 2) and reads the content of these files to generate documentation. There are no specified boundary markers or sanitization steps to prevent malicious instructions embedded in the scanned files from influencing the agent's behavior. Ingestion points include service files, frontend configs, and infrastructure manifests. Capability inventory includes file-write operations. Boundary markers and sanitization are absent.
Recommendations
- AI detected serious security threats