intelligems-funnel-diagnosis
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes several shell commands (`test`, `cp`, `source`, `python3`) to verify the workspace, move script files, and execute the analysis.
  - Evidence: Steps 0, 1, 2, and 4 use bash blocks to interact with the environment.
- [CREDENTIALS_UNSAFE] (LOW): The skill handles an `INTELLIGEMS_API_KEY` by prompting the user for input and then writing it to a plaintext `.env` file.
  - Evidence: `echo "INTELLIGEMS_API_KEY=<user's key>" > ~/intelligems-analytics/.env` in Step 1.
- [DATA_EXPOSURE] (INFO): The skill reads from the filesystem (specifically `.env` and `references/`) and creates directories to manage its operational state.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes output from an external Python script (`funnel.py`) to generate a conversational report. While this is the core function, there are no specific sanitization steps mentioned for the script's output before being processed by the agent.
Audit Metadata