environment-setup
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill targets the creation and management of sensitive files including
.env,.env.local, and.env.production. - Evidence: The skill description and instructions explicitly mention handling environment variables and configuration files which typically contain sensitive credentials like API keys and database connection strings.
- Context: The risk is mitigated by the inclusion of
.env.exampletemplates and strict instructions to use.gitignoreto prevent secret exposure in version control. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it involves reading and processing external data from configuration files.
- Ingestion points: The agent is instructed to read content from
.envfiles and configuration scripts. - Boundary markers: No specific instructions or delimiters are provided to the agent to treat the content of these files as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill allows the use of
Bash,Write, andEdittools, which could be exploited if an attacker-controlled configuration file is processed. - Sanitization: While the code examples include
Zodfor runtime validation, the agent's interaction with the files lacks explicit sanitization or instructions to ignore embedded commands.
Audit Metadata