setup-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads highly sensitive system files including ~/.ssh/id_rsa, ~/.aws/credentials, and .env files to detect exposed secrets. While network access is disabled, these paths represent a significant data exposure surface.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted content from the local workspace during its audit.
      - Ingestion points: Scans local configuration and environment files (.env, config.json, etc.).
      - Boundary markers: None; there are no specific markers or instructions to isolate scanned data from the agent's core logic.
      - Capability inventory: Possesses fileRead and fileWrite permissions but no network or shell access.
      - Sanitization: The skill redacts discovered secrets in its final report but does not sanitize the contents of scanned files before the agent processes them.
  • [COMMAND_EXECUTION]: The skill generates shell-executable Docker commands and configuration files (Dockerfile, docker-compose.yml) for the user to implement locally, though it does not execute them itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 01:31 AM