Skills
skills/steveclarke/dotfiles/env-to-fnox/Gen Agent Trust Hub

env-to-fnox

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill explicitly commands the agent to read the contents of .env files using cat .env. These files are known to contain highly sensitive data such as API keys, database credentials, and AWS secrets. Providing this content to the agent context constitutes a data exposure risk.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The workflow requires the installation of the fnox tool via mise. fnox is not provided by a trusted organization (e.g., Anthropic, OpenAI, Microsoft) and is an unverified dependency in this context.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes multiple shell commands with side effects, including rm .env and op item create. While consistent with the stated purpose, these commands could be abused if the agent is manipulated by malicious data within the processed files.
  • [DATA_EXFILTRATION] (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: Reads external .env files via cat .env.
  • Boundary markers: None. Content is read directly into the context without delimiters or warnings.
  • Capability inventory: File deletion (rm), tool installation (mise use), and secret creation (op item create).
  • Sanitization: None. The skill does not validate the content of the .env file before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 09:36 PM