scanning-for-secrets
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary objective is to identify hardcoded secrets and credentials, which is a standard security auditing task.
- [COMMAND_EXECUTION]: The skill relies on bundled shell and Python scripts, such as validate_commit.sh and scan_directory.py, to perform its operations. These scripts are executed via the Bash tool to facilitate codebase analysis.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection because it ingests untrusted code from the filesystem.
- Ingestion points: Source code files and configuration files identified during the secret scan (SKILL.md).
- Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands in the processed data.
- Capability inventory: The agent has access to powerful tools including Bash, Write, Edit, Grep, and Glob (SKILL.md).
- Sanitization: No sanitization or validation logic is specified for the content read from the codebase before it is processed by the agent.
Audit Metadata