skills/flora131/atomic/init/Gen Agent Trust Hub

init

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions direct the agent to scan for and read sensitive environment configuration files such as .env and .env.local. Although the stated objective is to identify required environment variables for documentation purposes, accessing files that typically store live secrets constitutes a data exposure risk.
  • [COMMAND_EXECUTION]: The agent is instructed to execute shell commands to detect installed language servers (using command -v or --version) and to prepare installation commands for missing tools. This risk is partially mitigated by the explicit instruction to never install tooling without explicit user confirmation.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the codebase (manifests, READMEs, config files) and interpolates it into documentation templates and setup instructions without sanitization.
      • Ingestion points: Project manifest files (e.g., package.json, Cargo.toml), README.md, and directory structures specified in SKILL.md.
      • Boundary markers: None; the instructions do not include delimiters or warnings to ignore malicious instructions embedded within the scanned codebase files.
      • Capability inventory: The skill has the capability to read files, write to the project root (creating CLAUDE.md and AGENTS.md), and execute shell commands for tool detection and installation.
      • Sanitization: There is no requirement or logic provided to escape, validate, or sanitize the content discovered in the codebase before it is used in documentation or system operations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 10:01 PM