context-gap-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a localized context-engineering tool for auditing repository documentation and configuration. It performs environment discovery to identify how context is delivered to agents.
- [DATA_EXFILTRATION]: The skill identifies and inspects sensitive configuration areas, such as environment variable injection and secrets management mechanisms (e.g., .env files). This access is intended for auditing the 'how' of secret management rather than extracting values, and no network exfiltration was detected.
- [PROMPT_INJECTION]: The skill processes untrusted content from the repository (code, configs, and existing docs) to generate gap analyses and user questions. While this creates an indirect prompt injection surface, it is a necessary part of the skill's diagnostic workflow, and the output is localized to the user's environment.