deep-dive
Fail
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to scan
.envfiles for infrastructure hints (e.g., database and cloud provider details). This practice exposes sensitive environment variables, credentials, and API secrets to the model's processing context.\n- [EXTERNAL_DOWNLOADS]: The skill utilizes thefind-docstool to retrieve current documentation from external sources such as Supabase and Vercel to ensure advice is grounded in up-to-date APIs.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted data from the local filesystem and external web content. \n - Ingestion points: Project configuration files, READMEs, and external documentation fetched via tools (SKILL.md Step 1a, 1b).\n
- Boundary markers: None identified; there are no instructions to use delimiters or ignore instructions embedded in the ingested content.\n
- Capability inventory: The skill has read access to the local filesystem and uses specialized tools for network-based documentation retrieval.\n
- Sanitization: No validation or sanitization mechanisms are described for processed data.\n- [COMMAND_EXECUTION]: The skill performs automated reconnaissance by scanning for various project configuration files (e.g.,
package.json,Cargo.toml,pyproject.toml) and analyzing the directory structure to identify the software stack.
Recommendations
- AI detected serious security threats
Audit Metadata