offboard
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to search for and report sensitive credentials, including API keys, tokens, passwords, .env files, and SSH keys. Accessing these sensitive file paths and displaying their contents in the chat history exposes secrets to the model context and user logs.
- [COMMAND_EXECUTION]: The instructions direct the agent to perform technical actions such as scanning codebase files, checking git branches, and running grep commands on the local directory to identify secrets.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from the local project directory (source code, assets, and documentation) without explicit boundary markers or sanitization.
- Ingestion points: The agent reads and processes files from the current working directory as part of the wrap-up checklist (e.g., scanning code and READMEs).
- Boundary markers: There are no delimiters or instructions to ignore embedded commands within the files being scanned.
- Capability inventory: The agent is instructed to perform file system searches and code analysis (grep, branch checks).
- Sanitization: No validation or filtering is applied to the content of the files before processing.
Audit Metadata