aikido-security-remediator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface for indirect prompt injection. It fetches vulnerability data (titles, descriptions) from an external API and passes it to the agent, which then uses this data to make changes to the codebase and execute commands.
    • Ingestion points: External data enters via 'scripts/aikido_open_issue_groups.py' and is processed by the agent as defined in 'SKILL.md'.
    • Boundary markers: Absent. No isolation instructions or delimiters are provided to the agent to distinguish external data from system instructions.
    • Capability inventory: The agent is empowered to perform SAST patches, dependency upgrades, and run build/test commands as specified in 'SKILL.md'.
    • Sanitization: Absent. No evidence of data sanitization or validation before presenting API-sourced findings to the agent.
  • [Data Exposure & Exfiltration] (LOW): The skill utilizes sensitive API credentials (AIKIDO_SECRET, AIKIDO_ACCESS_TOKEN) stored in a '.env' file. While these are used for their intended purpose with the Aikido API (app.aikido.dev), the presence of these secrets in the environment accessible by the agent presents a risk of exposure if the agent is compromised.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM