security-ai-keys

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill explicitly accesses and scans sensitive file paths, including .env, .env.local, and .json files, to identify potential AI API key leaks. This counts as a credential exposure/access finding. Evidence: scripts/scan.sh and the commands in SKILL.md perform recursive searches on environment and configuration files.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted content from the local file system during its scan process, creating a surface for indirect prompt injection.
      1. Ingestion points: scripts/scan.sh and audit commands read the content of all files in the target directory.
      2. Boundary markers: Absent; scanned content or report summaries are returned to the agent without specific delimiters.
      3. Capability inventory: The skill is restricted to read-only search operations using ripgrep; no network exfiltration or file-writing capabilities were found.
      4. Sanitization: Absent; content from scanned files is not filtered before being reported.
  • [Command Execution] (LOW): The skill executes the rg (ripgrep) utility as a subprocess to perform file content analysis.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:57 AM