deepstack
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill is explicitly instructed to access and read sensitive configuration files, specifically .env files, to identify database connection types and versions (DB_CONNECTION, DATABASE_URL). Accessing these files exposes potentially sensitive information, such as API keys and database credentials, to the agent's processing context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from untrusted local project files (e.g., package.json, composer.json, .env) to generate a research prompt. Malicious content embedded in these configuration files could be used to manipulate the agent's behavior or corrupt the generated output.
  - Ingestion points: Project configuration files across multiple ecosystems (Node.js, PHP, Python, etc.).
  - Boundary markers: None. The skill lacks delimiters or instructions to ignore embedded commands within the files it reads.
  - Capability inventory: File reading capabilities across the project directory.
  - Sanitization: None. The content from these files is interpolated directly into the generated research prompt template.
Audit Metadata