env-secret-detector
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill requests 'Bash(npm:*)' in its allowed-tools list. This enables the agent to run any npm command, allowing for potential execution of malicious scripts through npm lifecycle hooks or the installation of compromised packages.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The permission to use npm allows the skill to download and install code from the public npm registry without explicit verification of sources or versions within the skill definition.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted file content through the Read and Grep tools. The combination of data ingestion points, absence of boundary markers, and the capability to execute Bash/npm commands creates a surface for indirect prompt injection.
Audit Metadata