Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/dotenv-manager/Gen Agent Trust Hub

dotenv-manager

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill creates an attack surface by intending to process external .env files while possessing high-privilege capabilities. ● Ingestion points: Processes .env files as described in the purpose and triggers. ● Boundary markers: Absent; the skill does not define delimiters to separate data from instructions. ● Capability inventory: Grants access to powerful tools including Bash, Write, Edit, and Grep. ● Sanitization: No sanitization or validation of the input data is mentioned in the skill definition.
  • [Data Exposure & Exfiltration] (LOW): The skill targets .env files, which are specifically identified as sensitive file paths. Although no malicious code is present, the focus on these files combined with Bash access is a security concern. Severity is lowered as this focus is central to the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:03 PM