hunt-source-leak
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs several third-party tools from public registries during execution, including Python packages `git-dumper` and `ds_store`, as well as Node.js packages `source-map-explorer` and `unwebpack-sourcemap`. These dependencies are not pinned to specific versions.
- [REMOTE_CODE_EXECUTION]: The skill downloads content from target URLs and pipes it directly into Python interpreters (e.g., using `python3 -c` for source map extraction and Swagger parsing). While the script logic is defined within the skill, processing unvalidated network data through a local interpreter is a high-risk pattern.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands and complex pipelines involving `curl`, `grep`, `sed`, `xxd`, and `tail` to automate the discovery and extraction of information from target servers.
- [DATA_EXFILTRATION]: The skill explicitly targets sensitive configuration and source control files (e.g., `.env`, `.env.production`, and `.git/config`) that are likely to contain credentials and internal system information.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from target websites. (1) Ingestion points: Multiple `curl` calls in SKILL.md; (2) Boundary markers: Absent; (3) Capability inventory: Python script execution and file-write operations in SKILL.md; (4) Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://$TARGET/asset-manifest.json - DO NOT USE without thorough review
Audit Metadata