readme
Fail
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: HIGH
Threat categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill explicitly instructs the agent to read sensitive security files during the exploration phase. Specifically, it requests that the agent read config/master.key and .env files. In a Ruby on Rails environment, master.key is the primary secret used to decrypt all encrypted credentials. Accessing this file exposes the project's most sensitive production secrets to the AI model's context.
- [DATA_EXFILTRATION]: The skill instructions claim to use configuration from ~/.claude/settings.json. Directing an agent to access files in the user's home directory outside of the specific project workspace is a privacy violation and a security risk, as it bypasses standard project sandboxing.
- [PROMPT_INJECTION]: The skill is designed to perform a "Deep Codebase Exploration," reading many files throughout the project to generate documentation. This creates an indirect prompt injection surface where malicious instructions embedded in the codebase could influence the agent.
- Ingestion points: Entire project root, configuration files (package.json, Gemfile, schema.rb), and the config/ directory.
- Boundary markers: Absent. There are no instructions to use delimiters or to ignore instructions found within the processed files.
- Capability inventory: The agent is authorized to write the resulting content directly to README.md in the project root.
- Sanitization: Absent. There is no logic provided to sanitize or validate the content extracted from the codebase before it is used to generate the output.
Recommendations
- AI detected serious security threats
Audit Metadata