skills/helderberto/skills/safe-repo/Gen Agent Trust Hub

safe-repo

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts and utilizes system tools such as git and grep to scan the repository files and history.
      • Evidence: scripts/scan-secrets.sh uses git ls-files, git rev-parse, and grep to identify patterns.
  • [DATA_EXFILTRATION]: The skill is explicitly programmed to search for and read sensitive files and credentials.
      • Evidence: references/patterns.md and scripts/scan-secrets.sh target patterns for API keys, passwords, private keys (.pem, .key), AWS credentials, and environment files (.env).
      • Context: This behavior is consistent with the skill's primary function as a secret scanner. The skill instructions include rules to filter false positives and avoid outputting actual secret values in reports.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data (the contents of the files being scanned).
      • Ingestion points: scripts/scan-secrets.sh and the Grep tool read content from any file tracked by git in the repository.
      • Boundary markers: The skill instructions do not specify strict boundary markers or sanitization for the content read from files before the agent incorporates it into its report.
      • Capability inventory: The agent has access to Bash, Read, and Grep tools, and executes a shell script for scanning.
      • Sanitization: While the scan-secrets.sh script primarily outputs line numbers and labels, the assets/report-template.md encourages the agent to provide context/patterns from the files, which creates an opportunity for malicious instructions embedded in a scanned file to influence the agent's summary.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 10:12 AM