insecure-source-code-management

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [DATA_EXFILTRATION]: The skill identifies sensitive configuration and metadata files as targets for discovery, including /.env, /.git/config, and /.svn/wc.db. This is consistent with the stated purpose of identifying insecure source code management.
  • [EXTERNAL_DOWNLOADS]: Mentions various GitHub-hosted security tools (e.g., git-dumper, GitTools, GitHacker) as recommended resources for data recovery. These are referenced as external tools rather than automated downloads.
  • [COMMAND_EXECUTION]: Provides example HTTP requests and CLI commands for probing and extracting data from exposed version control directories.
  • [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to analyze web server responses to detect VCS exposure. Ingestion points: HTTP response bodies from target URLs (SKILL.md). Boundary markers: Absent. Capability inventory: No automated script execution or file writes found within the skill files. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 04:28 AM