planning
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (HIGH): The skill directs the agent to access highly sensitive files. Specifically, references/codebase-understanding.md instructs the agent to 'Analyze dotenv files and configuration'. Accessing .env files is a critical security risk as they frequently contain hardcoded API keys, database credentials, and other secrets.
- EXTERNAL_DOWNLOADS (LOW): The skill facilitates the download and processing of code and data from arbitrary remote sources. Evidence in references/research-phase.md shows the use of repomix --remote <github-repo-url> to fetch and aggregate remote repositories and the docs-seeker skill to fetch documentation from external URLs. While intended for research, this behavior ingests untrusted data.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection due to its extensive ingestion of external, untrusted data.
  * Ingestion points: remote GitHub repositories (repomix), GitHub PRs/Issues/Logs (gh command), and external documentation.
  * Boundary markers: none identified; there are no instructions to the agent to disregard instructions embedded within the research data.
  * Capability inventory: the agent can execute shell commands (repomix, gh), read/write local files, and spawn sub-agents (researcher, debugger).
  * Sanitization: none identified.
Recommendations
- AI detected serious security threats
Audit Metadata