app-store-submission-auditor
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured in `SKILL.md` to scan files matching patterns like `*env*` and `*constants*`. These files are standard locations for storing sensitive credentials such as API keys, database passwords, and private tokens. Accessing these files during an automated audit risks exposing secrets to the model context. Furthermore, the instruction to "Read without asking" encourages the agent to bypass user confirmation for these file access operations.
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface. It is designed to ingest and process untrusted data from the user's project (source code, configuration files) as seen in Step 3 of `SKILL.md`. It lacks boundary markers or specific instructions to the agent to ignore commands potentially embedded within comments or strings of the analyzed code, making the agent vulnerable to following malicious instructions hidden in the scanned project.
  - Ingestion points: Project source files and configuration files.
  - Boundary markers: Absent.
  - Capability inventory: Extensive file reading across the project directory.
  - Sanitization: None identified.
Recommendations
- AI detected serious security threats
Audit Metadata