codebase-study-guide
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The workflow in SKILL.md Step 2 directs the agent to investigate 'Configuration' including 'env vars' and 'config files'. This targets sensitive files like .env which frequently contain API keys and credentials, risking their exposure in the generated guide.
- [COMMAND_EXECUTION] (MEDIUM): In references/guide-template.md Sections 8 and 9, the skill encourages running the codebase's test suite and modifying code to run further tests, which involves executing arbitrary code from the repository.
- [DATA_EXFILTRATION] (LOW): The skill extracts information from local files and writes it to a new document. While not a direct network exfiltration, it moves potentially sensitive data from protected files into a documentation file.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection. Evidence: (1) Ingestion points: Entire codebase files are read. (2) Boundary markers: No delimiters or ignore instructions are present. (3) Capability inventory: File access and local command execution (tests). (4) Sanitization: No escaping or validation of code content is performed before interpolation into the guide.
Recommendations
- AI detected serious security threats
Audit Metadata