docs-seeker
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Data Exposure (HIGH): The skill documentation states that scripts load `.env` files from multiple sensitive locations including `~/.{TOOL}/skills/.env` and `.{TOOL}/.env`. This creates a direct risk of exposing or exfiltrating sensitive credentials and API keys stored in the environment.
- Indirect Prompt Injection (HIGH):
  - Ingestion points: Untrusted data is retrieved from external `llms.txt` sources via `context7.com` in `fetch-docs.js`.
  - Boundary markers: Absent; there are no instructions to the agent to disregard instructions embedded within the fetched documentation.
  - Capability inventory: The agent is required to execute shell commands (`node`) to perform its primary functions.
  - Sanitization: Absent; the fetched content is piped directly into `analyze-llms-txt.js` without validation or escaping.
- Command Execution (MEDIUM): The primary workflow involves executing local Node.js scripts using unsanitized user input strings as shell arguments (`node ... "<user query>"`), which is a known vector for command injection.
Recommendations
- AI detected serious security threats
Audit Metadata