NYC

secret-scanner

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill's primary function involves processing untrusted external content from code and configuration files. Ingestion points: Arbitrary code and .env files read via Grep and Read tools. Boundary markers: Absent. Capability inventory: Use of Read and Grep to influence git commit decisions and agent reasoning. Sanitization: Absent. This combination allows an attacker to embed malicious instructions within scanned files to manipulate the agent.
  • Data Exposure (HIGH): Under Category 2, the skill is flagged for instructing the agent to access sensitive file paths, including ~/.aws/credentials, ~/.ssh/id_rsa, and .env. This behavior is inherently high-risk.
  • Credentials Unsafe (MEDIUM): Both README.md and SKILL.md contain hardcoded example API keys and tokens (e.g., Stripe sk_live_... and AWS AKIA...) which match patterns for credential exposure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:25 PM