convit-setup
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
Risk Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses and parses sensitive environment files.
  - The included script `scripts/ensure-convit-env.mjs` reads `.env` and `.env.local` files using the `fs.readFileSync` method.
  - Although the skill instructions specify a zero-credential policy, the script parses both the names and values of environment variables prefixed with `CONVIT_` into an internal object.
- [COMMAND_EXECUTION]: Executes a vendor-provided script that modifies local configuration files.
  - The skill instructs the agent to run `node .agents/skills/convit-setup/scripts/ensure-convit-env.mjs [path]` to manage environment variables.
  - The script uses `fs.writeFileSync` to append a banner and placeholder configuration lines to `.env` or `.env.local` files.
- [PROMPT_INJECTION]: Indirect injection surface via analysis of untrusted directory structures.
  - The skill parses project directory names and file paths to dynamically generate regex patterns and scopes for the `.convitrc.json` file.
  - Ingestion points: Project root directory scanning and file path analysis during the 'Full-Scan Protocol' in Phase 1.
  - Boundary markers: Absent. The logic relies on user confirmation of generated regex patterns rather than input sanitization.
  - Capability inventory: The skill has the capability to write the `.convitrc.json` file and execute the `ensure-convit-env.mjs` script (as identified in `SKILL.md`).
  - Sanitization: Absent. The skill logic is designed to capture segments of directory names directly into configuration patterns.
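The three findings above describe two operations: reading `CONVIT_` variables out of dotenv files (and writing placeholders back), and turning directory names into scope regexes. The following is an added illustration written for this audit page, not code from the convit-setup skill or its `ensure-convit-env.mjs` script, of how each operation can be done without retaining secret values and without letting a directory name act as a live regex. The function names `inventoryConvitEnv`, `ensurePlaceholders`, `escapeRegExp` and `scopePatternFor`, the banner text, and the sample `.env` content are all assumptions constructed for the example; the real script's internals are not shown on this page.

```javascript
// Added example for this audit page: NOT the convit-setup skill's own code.
// Function names, banner text and sample input are assumptions made here.

// Parse dotenv-style text and return only the NAMES of CONVIT_ variables
// present, tagged 'set' or 'empty'. Values are never copied into the result,
// so the object can be logged or shown to an agent without leaking a secret.
function inventoryConvitEnv(text) {
  const found = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$/.exec(line);
    if (!m) continue;
    const [, name, value] = m;
    if (!name.startsWith('CONVIT_')) continue;
    // Surrounding quotes are stripped only to decide emptiness; the value is
    // then discarded rather than stored.
    const bare = value.trim().replace(/^(['"])(.*)\1$/, '$2');
    found[name] = bare.length > 0 ? 'set' : 'empty';
  }
  return found;
}

// Append a banner plus "NAME=" placeholder lines for the names still missing.
// Idempotent: re-running on already-patched text returns it unchanged, and
// existing values (including real credentials) are neither read out nor rewritten.
const BANNER = '# --- convit-setup placeholders: fill in locally, never commit secrets ---';
function ensurePlaceholders(text, requiredNames) {
  const present = inventoryConvitEnv(text);
  const missing = requiredNames.filter((n) => !(n in present));
  if (missing.length === 0) return text;
  const sep = text.length === 0 || text.endsWith('\n') ? '' : '\n';
  const banner = text.includes(BANNER) ? '' : BANNER + '\n';
  return text + sep + banner + missing.map((n) => `${n}=`).join('\n') + '\n';
}

// Escape regex metacharacters in a directory name before embedding it in a
// scope pattern. Without this, a directory literally named ".*" (or one
// containing "(", "|", "$", etc.) becomes a live pattern and the generated
// scope matches far more than the directory it was meant to cover.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}
function scopePatternFor(dirName, { escape = true } = {}) {
  const body = escape ? escapeRegExp(dirName) : dirName;
  return `^${body}/`;
}

// Constructed sample input (not a real project's .env) to exercise the above.
const SAMPLE_ENV = [
  '# local config',
  'CONVIT_TOKEN="abc123"',
  'CONVIT_ORG=',
  'DATABASE_URL=postgres://user:pw@localhost/db',
].join('\n') + '\n';

function demo() {
  const inventory = inventoryConvitEnv(SAMPLE_ENV);
  const patched = ensurePlaceholders(SAMPLE_ENV, ['CONVIT_TOKEN', 'CONVIT_ORG', 'CONVIT_PROJECT']);
  const unsafe = new RegExp(scopePatternFor('.*', { escape: false }));
  const safe = new RegExp(scopePatternFor('.*'));
  return {
    inventory,
    patched,
    unsafeMatchesEverything: unsafe.test('secrets/key.pem'),
    safeMatchesOnlyLiteral: !safe.test('secrets/key.pem') && safe.test('.*/key.pem'),
  };
}
```

Escaping does not remove the need for the user confirmation step the audit mentions; it only guarantees that the pattern the user is asked to confirm means the literal directory name rather than whatever regex a hostile or accidental name spells out. Likewise, keeping values out of the parsed object is what makes the zero-credential policy checkable: anything the script returns or logs can be inspected for `CONVIT_*` names, but never for their contents.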
Audit Metadata