project-analyzer
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses and processes sensitive configuration files, creating a risk of data exposure.
  - Evidence: Phase 3 (Infrastructure Analysis) involves scanning 'Infra Files' such as config files, Dockerfiles, and CI/CD pipelines. Agent B is explicitly tasked with extracting environment variables required for production runtime.
  - Risk: Reading files like .env or CI/CD configurations could result in the unintended inclusion of secrets or sensitive configuration data in the generated whitepaper document.
- [PROMPT_INJECTION]: The skill contains an Indirect Prompt Injection attack surface due to its analysis of untrusted external content.
  - Ingestion points: The skill reads all files within a provided repository (Phase 1, 2, and 3), including source code and build scripts from local paths or GitHub URLs.
  - Boundary markers: The instructions for Agent B (devops-engineer-prompt.md) and Agent C (chief-architect-prompt.md) lack delimiters or instructions to ignore embedded prompts within the codebase files being analyzed.
  - Capability inventory: The skill uses git clone for retrieval and is authorized to read the entire file system of the target project and write a comprehensive summary.
  - Sanitization: There is no evidence of sanitization or filtering to prevent the agent from obeying instructions embedded in the analyzed codebase (e.g., markdown comments or code strings designed to hijack the documentation process).
- [EXTERNAL_DOWNLOADS]: The skill performs automated repository cloning from remote sources.
  - Evidence: Phase 1 (Prepare & Scan) handles the resolution of target source code by cloning if a URL is provided. While cloning from established services like GitHub is routine, the content retrieved is untrusted and dictates the agent's downstream analysis.
Audit Metadata