readme-expert
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is designed to find and run commands from the projects it analyzes. Evidence: knowledge/INDEX.md and knowledge/foundation/codebase-scanner.md describe a 'script-executor' component used to test commands extracted from untrusted codebases.
- [DATA_EXFILTRATION] (HIGH): The skill specifically searches for sensitive files and secret variables. Evidence: knowledge/foundation/codebase-scanner.md directs the agent to scan for '.env' files and environment variable usage like 'process.env' or 'os.environ' in source code.
- [REMOTE_CODE_EXECUTION] (HIGH): By executing scripts found in remote or untrusted repositories (like those in 'package.json'), the skill enables arbitrary code execution.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted external data (source code) which could contain indirect prompt injections.
  1. Ingestion points: knowledge/foundation/codebase-scanner.md uses Grep and Read on untrusted codebase files.
  2. Boundary markers: Absent.
  3. Capability inventory: The skill uses a script-executor to run extracted strings.
  4. Sanitization: None detected.
Recommendations
- AI detected serious security threats
Audit Metadata