investigate

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill instructions explicitly direct the agent to read production environment variables and secrets with npx convex env list --prod and vercel env ls, and to validate the values against sensitive patterns such as sk_* (secret keys) and whsec_* (webhook secrets). Everything those commands print is read by the agent.
  • [COMMAND_EXECUTION] (MEDIUM): The skill runs its investigations through codex exec. The commands it builds are derived from potentially untrusted error messages or bug reports, so text in those inputs can become part of what is executed (command injection).
  • [DATA_EXFILTRATION] (LOW): The toolkit includes curl for testing endpoints. Combined with the ability to read production secrets, this could be used to send sensitive data to an attacker-controlled server.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: user-provided bug reports passed in via $ARGUMENTS.
      • Boundary markers: none present to distinguish instructions from data.
      • Capability inventory: high-privilege access to production CLI tools (vercel, convex, sentry-cli) and dynamic execution (codex exec).
      • Sanitization: no evidence that the input arguments are sanitized or validated before they are interpolated into command strings.
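The two findings that drive this report (a bug report interpolated into a command string, and production secrets read straight into the agent) map to two small controls. The block below is an added example written for this page, not code from the skill or from Gen Agent Trust Hub. It uses printf as an offline stand-in for codex exec, a constructed bug report standing in for $ARGUMENTS, and a constructed env listing standing in for the output of vercel env ls / npx convex env list --prod; the function names and the prompt text are assumptions.

```python
"""Added example: argv-safe invocation and secret redaction for the findings above.
Not the skill's own code."""
import re
import subprocess

# Constructed bug report standing in for $ARGUMENTS. The quote-break payload is
# the kind of thing an attacker can plant in a ticket, log line or error message.
BUG_REPORT = 'checkout returns 500"; echo INJECTED; echo "see logs'

# Constructed stand-in for `vercel env ls` / `npx convex env list --prod` output.
ENV_LISTING = """STRIPE_SECRET_KEY=sk_live_FAKE00000000000000000000
STRIPE_WEBHOOK_SECRET=whsec_FAKE11111111111111111111
NEXT_PUBLIC_APP_URL=https://example.invalid
"""

# The two value shapes the audit singles out (sk_* secret keys, whsec_* webhook secrets).
SECRET_VALUE = re.compile(r"\b(sk_|whsec_)[A-Za-z0-9_]+")


def run_unsafe(report: str) -> str:
    """Flagged pattern: the report is pasted into one shell string (shell=True).
    printf stands in for `codex exec "...$ARGUMENTS..."`; the shape of the call
    is what matters, not the tool."""
    cmd = "printf '%s\\n' \"Investigate: " + report + "\""
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(report: str) -> str:
    """Hardened form: the report is a single argv element and no shell parses it,
    so it can only change the prompt text, never add a command."""
    argv = ["printf", "%s\n", "Investigate: " + report]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def redact_secrets(listing: str) -> str:
    """Replace secret values with their prefix so the agent can still tell a
    secret key from a webhook secret without ever holding the value."""
    return SECRET_VALUE.sub(lambda m: m.group(1) + "[REDACTED]", listing)


def secret_var_names(listing: str) -> list[str]:
    """Names of variables whose value matches a secret pattern: enough to check
    that production is configured, without reading the secret itself."""
    names = []
    for line in listing.splitlines():
        name, sep, value = line.partition("=")
        if sep and SECRET_VALUE.fullmatch(value.strip()):
            names.append(name)
    return names


if __name__ == "__main__":
    # The unsafe path prints an extra INJECTED line; the safe path prints the
    # payload as inert text inside the prompt.
    print("unsafe:", run_unsafe(BUG_REPORT))
    print("safe:  ", run_safe(BUG_REPORT))
    print(redact_secrets(ENV_LISTING))
    print(secret_var_names(ENV_LISTING))
```

Redaction at the tool boundary, before output reaches the model, is the point: once a value such as sk_live_... is in the agent's context, nothing downstream (including the curl the audit mentions) can be trusted not to repeat it.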
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 22, 2026, 05:02 AM