direnv
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for installing software using
sudo apt install, which requires administrative privileges on Linux systems. - [COMMAND_EXECUTION]: Setup steps involve appending initialization hooks to user shell profiles such as
~/.bashrcand~/.zshrcto ensure the tool runs in every shell session. - [CREDENTIALS_UNSAFE]: The documentation includes example API keys with patterns like
sk-real-production-keyandsk-live-abc123to demonstrate security anti-patterns and proper secret management. - [PROMPT_INJECTION]: The skill manages environment configuration by loading data from
.envrcand.envfiles (Ingestion points: SKILL.md). It mentions manual authorization viadirenv allow(Boundary markers: SKILL.md). The tool possesses capabilities to modify the PATH and execute shell scripts (Capability inventory: SKILL.md), relying on the user to vet external content before loading (Sanitization: SKILL.md). - [REMOTE_CODE_EXECUTION]: A pattern for exporting shell functions utilizes the
evalcommand to dynamically generate and define function bodies within the active environment.
Audit Metadata