security-audit
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | CREDENTIALS_UNSAFE | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill involves the execution of a local Node.js script (node skills/security-audit/scripts/audit.cjs) to perform its operations, including modifying file permissions via the '--fix' flag.
- [CREDENTIALS_UNSAFE]: The audit process explicitly targets sensitive information, including API keys in environment files, tokens within shell command history, and hardcoded secrets in codebases. Accessing these resources exposes high-value credentials to the agent context.
- [PROMPT_INJECTION]: The skill processes potentially untrusted local data which could lead to indirect prompt injection if those sources contain malicious instructions.
  - Ingestion points: Environment files (e.g., '.env'), shell command history, and application source code files.
  - Boundary markers: Not specified in the provided documentation.
  - Capability inventory: Execution of Node.js scripts, file system read access, and file permission modification capabilities.
  - Sanitization: There is no indication that the data retrieved during the audit is sanitized before being processed by the agent.
Audit Metadata