pre-mortem
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (LOW): The script `scripts/analyse_risk.py` is designed to scan for sensitive keywords such as 'password', 'api_key', and 'secret', as well as '.env' files. While this is a diagnostic feature, it programmatically identifies and exposes the location of hardcoded secrets to the agent, which could lead to unintended data exposure.
- COMMAND_EXECUTION (LOW): The `SKILL.md` instructions recommend executing `python scripts/analyse_risk.py --task "<task description>"`. This pattern interpolates a task description directly into a shell command. If the agent does not properly escape shell metacharacters in the user-provided task description, it could result in local command injection.
- PROMPT_INJECTION (LOW): As the skill scans external codebase files, it is vulnerable to indirect prompt injection. Maliciously crafted content within the files being scanned could attempt to manipulate the risk analysis output or influence the agent's subsequent decision-making.
- Evidence Chain:
  - Ingestion points: The `scripts/analyse_risk.py` script reads any file within the specified path (excluding standard skip directories).
  - Boundary markers: No delimiters or safety instructions are used when reading or processing file content.
  - Capability inventory: The skill uses `bash` (grep, cat, python) and `file: read` tools.
  - Sanitization: None; file content is processed using regular expressions and printed directly to standard output.
Audit Metadata