reference
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The reference guide provides hardcoded default passwords for development services, including MySQL ('secret'), PostgreSQL ('secret'), and MinIO ('minio123'). These are intended for local development convenience within the docker-local toolset.
- [COMMAND_EXECUTION]: The documentation includes administrative commands such as 'sudo mkcert -install' for SSL setup. While legitimate for local development, this establishes a privilege-escalation pattern if an agent executes such commands without human confirmation.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by allowing the agent to read and search local project files through 'alwaysAllow' permissions.
  - Ingestion points: Tools allowed to perform 'Read', 'Glob', and 'Grep' operations on user project directories.
  - Boundary markers: The skill provides no instructions or delimiters to help the agent distinguish data from instructions when processing external file content.
  - Capability inventory: No risky script capabilities (e.g., network exfiltration or file modification) are defined within the skill code itself.
  - Sanitization: No input validation or sanitization mechanisms are defined for the content extracted from project files.