Verification: Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill scans for hardcoded secrets and sensitive configurations in files like .env as part of its auditing process. This data exposure is localized to the tool's verification function and does not include network exfiltration.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface, as it processes and summarizes untrusted source code.
  - Ingestion points: Scans all project files and configuration manifests in Step 1.
  - Boundary markers: The skill does not employ specific delimiters to isolate untrusted code from internal instructions.
  - Capability inventory: The skill has file system read access for analysis and write access for generating markdown reports in Step 7.
  - Sanitization: There is no mention of sanitizing ingested code before it is summarized in the final report.
- [COMMAND_EXECUTION]: The skill uses local commands (mkdir) and file writing to save reports to the filesystem. These actions are aligned with its utility purpose and follow a confirmation step.
Audit Metadata