Skills
skills/fabioc-aloha/lithium/secrets-management/Gen Agent Trust Hub

secrets-management

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides an implementation for an exportSecretsToEnv function that retrieves encrypted credentials from the VS Code SecretStorage and writes them as plaintext key-value pairs into a .env file in the workspace. This practice creates a significant risk of accidental credential exposure if the plaintext file is inadvertently committed to a code repository.
  • [COMMAND_EXECUTION]: The skill uses the Node.js fs module to programmatically read and write to the local file system. Specifically, it executes fs.writeFileSync to create or modify .env files based on the internal state of the secrets cache.
  • [PROMPT_INJECTION]: The skill defines a workflow for scanning and parsing untrusted .env files within the user's workspace, creating a surface for indirect prompt injection.
  • Ingestion points: Workspace-wide scanning for environment files using vscode.workspace.findFiles as described in SKILL.md.
  • Boundary markers: Absent; the parsing logic does not appear to use delimiters to isolate untrusted values from the agent's operational context.
  • Capability inventory: The skill possesses file-write capabilities (fs.writeFileSync) and the ability to update the persistent SecretStorage based on external file content.
  • Sanitization: No evidence of input validation or sanitization is provided for the secret names or values extracted from discovered environment files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:54 AM