project-analyzer
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts (`scripts/phase1_discovery.sh` and `scripts/phase2_analysis.sh`) to perform directory traversal, file searches, and git log inspections.
- [COMMAND_EXECUTION]: The analysis scripts utilize `python3 -c` to execute inline code for parsing and processing project metadata from `package.json` files.
- [DATA_EXFILTRATION]: The skill's discovery logic specifically targets sensitive configuration files for inspection, including `.env` files, Docker configurations, and Git history.
- [CREDENTIALS_UNSAFE]: The `phase2_analysis.sh` script employs grep commands with regex patterns to locate and extract hardcoded secrets, such as passwords and API keys, directly from the project's source code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted code, comments, and README content from analyzed projects and incorporates this data into its context and generated reports.
  - Ingestion points: Codebase content processed via `find`, `grep`, and `cat` in the discovery and analysis phases.
  - Boundary markers: No delimiters or safety instructions are present to prevent the agent from obeying instructions embedded within the analyzed project files.
  - Capability inventory: Subprocess execution (bash), directory manipulation, and file writing.
  - Sanitization: The skill lacks validation or escaping mechanisms for the external code content it processes before generating reports.
Recommendations
- AI detected serious security threats
Audit Metadata