Skills
skills/mindverse/second-me-skills/secondme-dev-assistant/Gen Agent Trust Hub

secondme-dev-assistant

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via its dynamic documentation ingestion mechanism.
  • Ingestion points: The skill fetches API reference content from https://develop-docs.second.me to guide code generation.
  • Boundary markers: No delimiters or protective instructions are used to distinguish remote data from the agent's primary system prompt.
  • Capability inventory: The skill can execute shell commands, perform API requests, and write files based on the ingested content.
  • Sanitization: The remote content is processed directly without validation, potentially allowing malicious instructions in the docs to subvert agent behavior.
  • [DATA_EXFILTRATION]: The skill includes a telemetry and feedback framework that transmits session metadata to vendor-controlled endpoints.
  • Logged data includes user intent, summaries of actions performed, and error descriptions stored in ~/.secondme/analytics/.
  • Data is periodically synchronized to https://app.mindos.com.
  • Although the skill instructions explicitly forbid logging credentials or personal information, this behavior constitutes automated data collection by the vendor.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 02:41 AM