Lens
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill's Feature Discovery pattern (detailed in references/investigation-patterns.md) specifically instructs the agent to search for sensitive files such as .env and look for technical keys like AUTH_SECRET and JWT_KEY. This creates a risk of exposing raw credentials in the generated reports, although it is intended for architectural understanding.
- [COMMAND_EXECUTION]: The search strategies (references/search-strategies.md) and investigation patterns (references/investigation-patterns.md) rely on the execution of shell-based commands including grep, ls, cat, and glob patterns to navigate and read the codebase.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted codebase data.
- Ingestion points: Files throughout the target codebase are read via cat and grep.
- Boundary markers: The output templates in references/output-formats.md do not provide specific markers or instructions to delimit or ignore instructions embedded in the analyzed code.
- Capability inventory: The agent has extensive file system read and search capabilities (ls, cat, grep, glob) but is strictly forbidden from writing code or executing it.
- Sanitization: There are no instructions for sanitizing or escaping content retrieved from the codebase before it is included in the final report.
Audit Metadata