secret-scan-gitleaks
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (MEDIUM): The skill executes shell commands (
gitleaks detect) using parameters like--source=<path>. If the agent fails to sanitize the path input, it could lead to shell command injection. - [Indirect Prompt Injection] (HIGH): This is the primary risk. The skill ingests untrusted data from a codebase (file contents, commit messages, and metadata). Since the agent is instructed to 'Parse the results' and 'Summarize', an attacker could hide malicious prompt instructions within a scanned file or a fake secret. When the agent reads the resulting JSON report, it might obey instructions embedded in the 'secret' or 'author' fields.
- [Data Exposure] (LOW): By design, this skill accesses sensitive data (hardcoded secrets). It includes a specific instruction to redact values (first 4 and last 2 characters), which is a positive safety control for the user interface, though the underlying agent context still handles the full JSON output.
- [External Downloads] (LOW): The prerequisites suggest installing Gitleaks via
brewor GitHub releases. While these are trusted sources for security professionals, the skill relies on the presence of external binary dependencies.
Audit Metadata