save
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions explicitly direct the agent to include "credentials ... referenced" in the Markdown handoff file under the 'Context' section. Saving raw credentials to a shared network drive in plain-text markdown format is an unsafe practice that exposes secrets to anyone with access to the shared mount.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It collects untrusted data and incorporates it into a file intended to serve as instructions for another AI agent ('The reader is Claude Code on a different machine').
- Ingestion points: Data is ingested from
git log,git status, and the current conversation context (SKILL.md). - Boundary markers: The skill does not define delimiters or provide 'ignore embedded instructions' warnings when interpolating untrusted data into the handoff template.
- Capability inventory: The skill uses the
Writetool to save files and theBashtool to execute commands (SKILL.md). - Sanitization: No sanitization or escaping is performed on the gathered context before it is written to the output file.
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute standard system discovery commands includinghostname,pwd,date, andgit(SKILL.md).
Recommendations
- AI detected serious security threats
Audit Metadata