red-team-adversary
Verdict: Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [PROMPT_INJECTION]: The skill's documentation in 'SKILL.md' contains deceptive metadata, claiming capabilities for 'controlled exploitation' and 'resilience testing' (e.g., DDoS and SQLi simulations) that are completely absent from the implementation. This discrepancy can lead to the misjudgment of the tool's actual functions and safety profile.
- [CREDENTIALS_UNSAFE]: The core functionality defined in 'src/lib.ts' is to identify and extract hardcoded secrets like passwords, API keys, and tokens from source code. While this is an intended auditing feature, the collection and potential display of these secrets in a results report creates a high risk of credential exposure.
- [PROMPT_INJECTION]: The skill creates a significant surface for indirect prompt injection by ingesting untrusted content from the local file system. Maliciously crafted code or comments in the scanned files could be interpreted as instructions by the agent when processing the audit report.
  - Ingestion points: The file 'src/index.ts' (line 33) recursively reads the content of all '.js' and '.ts' files in a user-provided directory using 'fs.readFileSync'.
  - Boundary markers: No delimiters or protective boundary markers are used to separate ingested file content from the agent's logic.
  - Capability inventory: The skill has read/write access to the file system through 'node:fs' and the '@agent/core/secure-io' library.
  - Sanitization: There is no evidence of sanitization, escaping, or instruction filtering applied to the source code content before it is processed by regex and included in the output.