scan-project-structure
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to identify and document credentials found within infrastructure configuration files.
  - Evidence: Phase 3 instructions for the 'Infrastructure Ports' section require a table including 'Credentials (if in docker-compose)'.
- [DATA_EXFILTRATION]: The skill performs a systematic search for sensitive data across the codebase, which is then written to documentation and report files, increasing the risk of exposure.
  - Evidence: Agent 3 is instructed to 'Identify databases, message brokers, caching from connection strings', which typically contain sensitive authentication tokens or passwords.
  - Evidence: Phase 2 involves scanning 'appsettings*.json' and 'docker-compose*.yml' specifically to extract configuration details that often contain secrets.
- [COMMAND_EXECUTION]: The skill utilizes extensive filesystem scanning operations (globbing and grepping) to find configuration files and extract data.
  - Evidence: Phase 2 workflow uses parallel sub-agents to 'Glob for **/*.csproj and */Dockerfile' and 'Grep launchSettings.json or appsettings.json'.
- [DATA_EXFILTRATION]: The skill processes untrusted project data (e.g., package.json, Dockerfiles) and interpolates it into documentation without sanitization, creating a surface for indirect prompt injection.
  - Ingestion points: File reads of various configuration and source files (package.json, Dockerfile, etc.).
  - Boundary markers: None provided to distinguish between document structure and untrusted content.
  - Capability inventory: File system read/write access and report generation.
  - Sanitization: No sanitization or validation of the extracted technology names or port numbers before writing to the final documentation.