diagnostic-analysis
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- CREDENTIALS_UNSAFE (MEDIUM): `SKILL.md` provides an example diagnostic command `env | grep IDENTITY` to verify if secrets are correctly propagated through build layers. This command outputs the full environment variable string (e.g., `IDENTITY=secret_value`), which would cause sensitive credentials to be captured in diagnostic logs.
- COMMAND_EXECUTION (LOW): The `find-polluter.sh` script automates the execution of test files using `npm test` based on a user-provided search pattern. This involves the execution of arbitrary code contained within test files on the local filesystem.
- DATA_EXPOSURE (LOW): `SKILL.md` includes instructions to run macOS-specific commands (`security list-keychains`, `security find-identity`) that expose metadata about the system's keychain and cryptographic identities.
- INDIRECT_PROMPT_INJECTION (LOW): The skill includes several 'Pressure Test' markdown files (`test-pressure-1.md`, etc.) designed as adversarial scenarios to test agent compliance. These represent a self-referential ingestion surface.
  - Ingestion points: Files `test-pressure-1.md`, `test-pressure-2.md`, and `test-pressure-3.md`.
  - Boundary markers: Absent; the files contain raw prompt-like scenarios without delimiters.
  - Capability inventory: Execution of shell commands via examples in `SKILL.md` and the `find-polluter.sh` script.
  - Sanitization: No sanitization or validation of the input scenarios is performed.
Audit Metadata