ln-733-env-configurator
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's workflow involves scanning local project files to identify environment variables and classify them as secrets or configuration. This creates an indirect prompt injection surface where maliciously crafted content in the project files could attempt to influence the agent's behavior.
  - Ingestion points: Project source code files (Phase 1 Environment Discovery).
  - Boundary markers: No specific delimiters or safety instructions are defined for the scanning process.
  - Capability inventory: Writing configuration files (.env.*) and modifying .gitignore.
  - Sanitization: No explicit sanitization or validation of the discovered variable names or contents is defined.
- [EXTERNAL_DOWNLOADS]: The diagram file diagram.html includes a script reference to the Mermaid.js library hosted on the JSDelivr CDN, a well-known service.
  - Source: https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js
  - Context: Used for rendering workflow visualizations.