planning
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): In references/codebase-understanding.md, the skill instructs the agent to 'Analyze dotenv files and configuration'. Accessing .env files is a high-risk activity per Category 2 because they often contain secrets; severity is adjusted to MEDIUM as it aligns with the skill's purpose of system analysis.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes the 'repomix --remote' command to download and process content from external repositories, which is an untrusted data ingestion surface.
- [COMMAND_EXECUTION] (LOW): The skill invokes shell commands like 'gh' and 'repomix' for repository analysis, which are legitimate tools for the task.
- [PROMPT_INJECTION] (LOW): High surface for Indirect Prompt Injection (Category 8). Evidence:
  1. Ingestion points: research-phase.md (remote repos via repomix, GitHub logs/PRs via gh command).
  2. Boundary markers: Absent.
  3. Capability inventory: shell command execution (gh, repomix), file-writing (plan creation).
  4. Sanitization: Absent.