frontend-security

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill instructions in SKILL.md direct the agent to search for sensitive file paths including .env files and identify hardcoded secrets (API keys, passwords) using regex patterns. While intended for auditing, this behavior constitutes a high risk of sensitive data exposure as defined in the analyzer guidelines.
  • [COMMAND_EXECUTION] (MEDIUM): The audit process relies on the execution of multiple grep commands via the shell to scan codebases, as documented in the Critical Vulnerability Patterns section of SKILL.md.
  • [PROMPT_INJECTION] (LOW): The skill is designed to ingest and process untrusted external data (codebase files), creating a surface for indirect prompt injection. Evidence:
      1. Ingestion points: Local codebase files accessed via grep in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Command execution (grep) in SKILL.md.
      4. Sanitization: Absent.
    The severity is low as the vulnerability primarily affects the agent's internal reasoning and reporting output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:37 PM