integration-analysis
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to scan sensitive local files including .env, application.yml, and the ~/.config/ directory to extract service endpoints and configuration data (SKILL.md Phase 0.3).
- [EXTERNAL_DOWNLOADS]: The skill automatically retrieves external source code by executing 'gh repo clone' for any repositories discovered during the integration tracing process (SKILL.md Phase 0.3).
- [COMMAND_EXECUTION]: The agent executes shell commands and GitHub CLI operations ('gh api', 'gh repo clone') to search for and download third-party codebases (SKILL.md Phase 0.3).
- [PROMPT_INJECTION]: The skill possesses a significant surface for indirect prompt injection as it ingests and analyzes unvalidated content from external repositories to generate implementation stories and epics. Ingestion points: Discovered codebases and documentation (SKILL.md Phase 0.3). Boundary markers: Not implemented in the provided prompt instructions. Capability inventory: Filesystem access, network operations via GitHub CLI, and subprocess execution. Sanitization: No sanitization or validation of external content is specified before processing (SKILL.md Phase 6).
Recommendations
- AI detected serious security threats
Audit Metadata