ln-733-env-configurator
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted project files, such as existing environment configurations and source code, to automate variable discovery. This creates a surface for indirect prompt injection where malicious content in project files could attempt to influence the agent's logic.\n
- Ingestion points: Scans project source code and existing .env files in the local workspace.\n
- Boundary markers: The skill does not use specific delimiters or instructions to ignore embedded commands within the scanned data.\n
- Capability inventory: The skill can create and modify environment files and update the .gitignore file in the repository root.\n
- Sanitization: Content extracted from the project is used for template generation without explicit sanitization or validation rules.\n- [EXTERNAL_DOWNLOADS]: Fetches template files from the author's official GitHub repository (raw.githubusercontent.com/levnikolaevich/...) as a fallback mechanism if local reference files are missing.
Audit Metadata