env-manager
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local files including .env and .env.local to audit configuration and synchronization status. While intended for management purposes, this access to credential files is a sensitive operation.
- [COMMAND_EXECUTION]: Shell utilities like grep, sed, and node are used to search the codebase for environment variable references and to verify that configuration files are correctly loaded. These commands operate on local project files.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for querying well-known secrets management services and CI/CD platforms, including AWS SSM, HashiCorp Vault, Doppler, Vercel, and GitHub Actions. These references are used to fetch configuration metadata.
- [PROMPT_INJECTION]: The skill processes untrusted content from source code and configuration files, making it vulnerable to indirect prompt injection.
- Ingestion points: Scans files in the src/ directory, .env files, and Dockerfiles for variable names and patterns.
- Boundary markers: There are no explicit instructions to use delimiters or ignore instructions found within the scanned files.
- Capability inventory: Includes file system read access, local command execution via shell, and network access to secrets management APIs.
- Sanitization: The instructions contain a rule to never log actual secret values, focusing the output on variable names and metadata.
Audit Metadata