api-key-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill creates a surface for indirect instruction injection because it is designed to manage sensitive keys and security patterns while possessing high-privilege capabilities.
- Ingestion points: Potential untrusted data enters the context via user requests or external configuration files read using the
Readtool. - Boundary markers: The skill definition lacks explicit delimiters or instructions for the agent to ignore instructions embedded within the processed data.
- Capability inventory: The skill allows access to
Bash(npm:*),Read,Write, andGrep, enabling comprehensive file system manipulation and command execution. - Sanitization: There are no defined logic steps to sanitize or validate the content of managed API keys or security configurations.
Audit Metadata