docs-seeker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill explicitly defines a search path for environment variables that includes the agent's global configuration directory (.claude/.env). Accessing these files is a high-risk activity often associated with credential harvesting.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The workflow requires executing multiple Node.js scripts (detect-topic.js, fetch-docs.js, analyze-llms-txt.js) that are not included in the provided skill content. Running unverified code is a severe security risk.
- [Indirect Prompt Injection] (HIGH): Evidence Chain:
  1. Ingestion points: Fetches documentation from context7.com and llms.txt files via fetch-docs.js.
  2. Boundary markers: None present in the described workflow.
  3. Capability inventory: Executes shell commands (node, cat) and makes strategic decisions based on results.
  4. Sanitization: None.
  The skill uses external content to determine 'agent distribution' strategies, which could be exploited by malicious documentation to hijack the agent's planning.
- [Command Execution] (MEDIUM): User queries are passed as raw arguments to shell commands (node scripts/detect-topic.js). Without strict sanitization, this provides a vector for command injection attacks if the query contains shell metacharacters.
Recommendations
- AI detected serious security threats