Skills
skills/fellowship-dev/dogfooded-skills/trash-truck/Gen Agent Trust Hub

trash-truck

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The pre-scan.sh script specifically searches for sensitive file paths such as .env, *.pem, *.key, and credentials.json. While intended to identify files accidentally committed to version control, this functionality allows for the discovery of credentials and secrets within the environment.
  • [PROMPT_INJECTION]: The skill processes untrusted repository content to identify cleanup candidates, which presents an indirect prompt injection surface.
  • Ingestion points: Repository code files are read by rg and Python's ast module in pre-scan.sh for analysis.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's logic.
  • Capability inventory: The skill is granted Read, Write, Bash, Glob, and Grep tools, allowing for significant file system modification.
  • Sanitization: No sanitization or validation is performed on the repository data before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 26, 2026, 02:54 AM