ghost-scan-secrets

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): In agents/init/agent.md, the skill executes a remote script using the curl | bash pattern. This is a critical security risk as it runs unverified code from the internet directly in the agent's environment.
  • [EXTERNAL_DOWNLOADS] (HIGH): The installer script is fetched from https://raw.githubusercontent.com/ghostsecurity/poltergeist/main/scripts/install.sh. The 'ghostsecurity' organization is not on the Trusted External Sources list, making this download unverified.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core logic of reading untrusted codebases.
      • Ingestion points: agents/analyze/analyzer.md reads arbitrary file content from the <repo_path> for analysis.
      • Boundary markers: Absent. The prompt instructions do not provide delimiters or warnings to the analyzer agent to ignore instructions embedded within the data being scanned.
      • Capability inventory: The analyzer agent has the capability to write finding files to the disk (scan_dir/findings/), which could be manipulated by an attacker to create deceptive security reports.
      • Sanitization: Absent. There is no evidence of filtering or escaping content read from the repository files before it is processed by the AI agent.
  • [COMMAND_EXECUTION] (SAFE): The skill uses standard bash commands in SKILL.md and agents/scan/agent.md to identify the repository context and execute the local poltergeist binary. These operations are consistent with the skill's stated purpose.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 20, 2026, 02:04 PM