cpa-antigravity-rt-extract
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to locate and extract Google Refresh Tokens from JSON configuration files. This results in the exposure of sensitive authentication credentials within the agent's output and operational context.
- [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/extract.py) to perform file processing and data extraction tasks.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads untrusted data from local JSON files and includes it in its output without sanitization. If a scanned file contains a malicious instruction in the refresh_token field, the agent may follow it when processing the script output.
- Ingestion points: Reads all .json files from a user-specified directory using Path.glob in scripts/extract.py.
- Boundary markers: None implemented to distinguish data from instructions.
- Capability inventory: Executes Python code and prints to standard output.
- Sanitization: No filtering or escaping of the extracted token values.
Audit Metadata