env-validation
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to run 'npx env-guard', which triggers a download of the package from the NPM registry at runtime.
- [REMOTE_CODE_EXECUTION]: Running 'npx env-guard' executes code from a remote repository. The package 'env-guard' is not provided by a recognized trusted vendor or well-known service.
- [COMMAND_EXECUTION]: The skill is centered around executing shell commands (npx) to perform validation tasks.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing external data sources (environment files).
- Ingestion points: The skill reads and validates the contents of '.env' and '.env.example' files.
- Boundary markers: No boundary markers or instructions to treat file content as untrusted data are provided.
- Capability inventory: The skill utilizes shell execution and file system access.
- Sanitization: There is no evidence of sanitization or filtering of the environment file contents before processing.
Audit Metadata