code-silent-degradation
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the '!' prefix in the Context section. It specifically uses 'find' to locate source files and configuration patterns, which involves direct execution of subprocesses to gather file metadata.
- [DATA_EXFILTRATION]: The skill explicitly targets sensitive environment files (e.g., '.env*') for reading and analysis. While the intended purpose is to check for configuration-dependent logic skips, accessing environment files exposes potential secrets and credentials to the agent's context.
- [PROMPT_INJECTION]: The skill has a significant indirect prompt injection surface because it reads and processes untrusted data from source code and configuration files, and then uses that information to perform file writes.
  - Ingestion points: Source files including TypeScript, JavaScript, Python, Go, and Rust files, as well as configuration files like '.env', 'config.', and 'settings.' via 'Read' and 'Grep' tools.
  - Boundary markers: Absent. The skill does not define any delimiters or system instructions to ignore embedded commands within the files being scanned.
  - Capability inventory: The skill utilizes 'Write', 'Edit', 'Bash', and 'TodoWrite' tools, allowing the agent to modify the local filesystem based on findings.
  - Sanitization: Absent. There is no evidence of validation or sanitization of the content extracted from target files before it is processed by the model or used to generate code fixes.