secret-leak-check

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill's primary function is to locate and read sensitive files such as .env, cloud provider credentials, and private keys. While this is the intended use case, it requires the agent to handle and process sensitive authentication material, placing it within the LLM's active context.
  • [COMMAND_EXECUTION]: The skill directs the agent to perform CLI operations using Git, specifically 'git diff' and 'git show', to analyze changes and commit history for potential leaks.
  • [INDIRECT_PROMPT_INJECTION]: The skill analyzes untrusted data from repository files and diffs. The lack of explicit boundary markers or instructions to isolate this data creates a risk where malicious content inside the scanned files could attempt to influence the agent's logic.
      * Ingestion points: File contents and Git diff outputs across the repository as identified in 'references/scope_selection.md'.
      * Boundary markers: Absent. The skill does not provide delimiters or 'ignore' instructions for the content being scanned.
      * Capability inventory: File system read access and Git CLI execution.
      * Sanitization: No input validation is performed on the files being read; the reporting template only suggests masking the final output snippets.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 06:35 AM