environment-manager

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and manage environment configurations and .env files, which are often sourced from external repositories. This creates an attack surface where an attacker can embed malicious instructions within a .env file to hijack the agent's session. Evidence: The description specifies the management of '.env files' and 'secrets' (SKILL.md). No boundary markers or sanitization logic are provided in the skill to delimit untrusted data from instructions.
  • [Data Exposure & Exfiltration] (MEDIUM): The skill focuses on sensitive file paths like '.env'. While the templates use placeholders (e.g., 'your-secret-key-here'), the operational use of this skill involves handling real credentials (API keys, DB strings), making it a target for data exposure. Evidence: Explicit guidance on managing 'secrets' and '.env' files.
  • [No Code] (INFO): No executable script files were found in the skill bundle; the provided JavaScript validation logic is presented as informational text within the markdown documentation rather than as a functional tool.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 11:29 AM