secure-vault
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive local file paths to manage its internal encryption key.
- Specifically, it reads and writes to '/.config/agent/vault.key' and '/.config/agent/vault.enc' to persist the master encryption key and the encrypted database. While this is the intended functionality for a local vault, the access to files matching secret/key patterns in the user's home directory is flagged as sensitive path access.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via the storage and retrieval of secret values.
- Ingestion points: Secret values are ingested via the '--value' command-line argument in 'secure-vault.js'.
- Boundary markers: Absent. Secrets are stored as raw strings and returned in the JSON response without delimiters or warnings that the content might contain instructions for the agent.
- Capability inventory: The script has full read/write access to the local vault directory and can write to any path specified by the user in the 'export' command.
- Sanitization: No validation or sanitization is performed on the secret values before storage or retrieval.
- [COMMAND_EXECUTION]: Provides a CLI tool for file system operations that allows writing to and reading from arbitrary local paths.
- The 'export' and 'import' commands interact with local files provided as arguments. Notably, the 'export' command by default includes the decryption key within the exported JSON file unless a manual external key is provided, which significantly weakens the security of the backup and could lead to data exposure if the file is shared or intercepted.
Audit Metadata