ln-750-commands-generator
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is configured to access sensitive file paths to extract configuration metadata. As documented in 'references/variables_reference.md', the logic explicitly searches for database connection details within .env (DATABASE_URL) and appsettings.json (ConnectionStrings). This behavior constitutes a data exposure risk, though it is used for the skill's primary purpose of tech stack detection.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by processing untrusted project data.
  1. Ingestion points: The skill analyzes project files such as package.json and .env for variables including project names, paths, and ports.
  2. Boundary markers: It utilizes {{VARIABLE}} syntax for interpolation but lacks explicit instructions or delimiters to isolate untrusted content in the generated output.
  3. Capability inventory: The skill's primary function is to generate markdown files intended to be executed as shell commands (e.g., npm, dotnet, docker-compose).
  4. Sanitization: No validation, escaping, or filtering logic is present for the data extracted from the project environment before it is placed into executable templates.