secrets-env-manager
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill templates reference external GitHub Actions (
trufflesecurity/trufflehogandreviewdog/action-detect-secrets). These organizations are not included in the 'Trusted GitHub Organizations' whitelist, making them unverifiable dependencies in this audit context. - COMMAND_EXECUTION (MEDIUM): The provided shell validation script uses indirect variable expansion (
${!var}). While intended for validation logic, dynamic variable resolution is a form of dynamic code generation that can be exploitable if an attacker can influence the variable names being processed. - PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through environment variables that it processes for validation.
- Ingestion points: Environment variables are iterated and evaluated in the
REQUIRED_VARSloop and the TypeScriptvalidateEnvfunction. - Boundary markers: None are used to separate untrusted data from processing logic.
- Capability inventory: The environment allows for network operations via
curland control flow manipulation viaexitcommands. - Sanitization: There is no evidence of sanitization or content validation beyond checking for variable existence.
- DATA_EXFILTRATION (SAFE): The skill uses
curlwith secrets targeting a placeholder domain (api.example.com). It correctly implements::add-mask::to ensure sensitive values are redacted from CI/CD logs.
Audit Metadata