codebase-librarian
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The agent is instructed to recursively read files across the entire codebase, including untrusted source code and comments.
  - Boundary markers: No delimiters or ignore instructions are provided to distinguish codebase content from system instructions.
  - Capability inventory: Uses the agent's file system read and write capabilities.
  - Sanitization: No content filtering is performed.
- [Data Exposure & Exfiltration] (HIGH): The skill explicitly targets sensitive data paths and secrets management metadata (Category 2).
  - Evidence: Instructions direct the agent to search the 'config/', 'settings/', and '.env.example' locations and catalog 'Secrets management' infrastructure, which may expose sensitive information in the output document.
- [No Code] (INFO): The skill consists entirely of instructions and contains no executable code or external dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata