scanning-for-secrets
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill's primary function involves accessing and analyzing sensitive file paths including '.env' files and private keys (SSH, PGP). Access to these locations is inherently high-risk, though justified by the tool's stated purpose of auditing for secret leaks.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from the codebase that may contain instructions designed to hijack the agent's logic during the audit.
  - Ingestion points: The skill scans all files in the target directory, including source code, configurations, and documentation.
  - Boundary markers: No delimiters or instructions are used to distinguish between the agent's instructions and the content being scanned.
  - Capability inventory: The skill has access to powerful tools including file system modification ('Write', 'Edit') and shell execution ('Bash').
  - Sanitization: No sanitization or validation of input file content is implemented before processing.
- [COMMAND_EXECUTION]: The skill requests broad shell access via 'Bash(security:)', 'Bash(scan:)', and 'Bash(audit:*)' permissions. These capabilities allow the agent to execute a wide range of system commands, which could be exploited if the agent is misled by malicious data found during a scan.
Audit Metadata