security-scan
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to map the codebase and run vulnerability scanners.
  - Evidence includes shell pipes using `find`, `grep`, `xargs`, and `wc` to analyze project files.
  - The skill attempts to run external audit tools including `pnpm audit`, `npm audit`, `pip-audit`, `safety`, `govulncheck`, and `cargo audit`.
- [CREDENTIALS_UNSAFE]: The skill uses automated patterns to search for and expose hardcoded secrets within the project files.
  - It executes `grep` commands targeting highly sensitive patterns such as `sk_live` (Stripe live keys), `sk_test`, `AKIA` (AWS Access Key IDs), and `password` assignments.
  - It explicitly searches for `.env` files that have been cached in git history using `git ls-files --cached`.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests the entire project codebase as untrusted data.
  - Ingestion points: The skill reads all files matching common programming extensions (.ts, .py, .go, .rs, etc.) into the agent context.
  - Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying instructions embedded in the analyzed code.
  - Capability inventory: The skill has access to shell execution and sub-agent spawning, which could be exploited by malicious comments in the codebase.
  - Sanitization: There is no evidence of sanitization or filtering of the codebase content before it is processed by the analysis engine.
Audit Metadata