technical-skill-finder

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill is designed to read sensitive local files including '~/.codex/history.jsonl', session logs, and dotfiles. These interaction histories frequently contain API keys, proprietary code, and private user data.
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted data from historical agent logs and repository-local telemetry (Category 8). It lacks boundary markers or sanitization to prevent instructions embedded within these logs from influencing the agent's behavior or recommendations.
  • [Command Execution] (MEDIUM): The workflow generates 'first-apply command sets' and 'workflow artifacts' based on its analysis of potentially poisoned logs. This could lead to the user or agent executing harmful commands suggested by the tool.
  • [Metadata Poisoning] (MEDIUM): The 'agents/openai.yaml' configuration sets 'allow_implicit_invocation: true', which allows the skill to be triggered automatically to process sensitive history files without explicit user initiation for each run.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 08:30 AM