apex-takeover
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to access and analyze sensitive files containing credentials.
- Evidence: "Warden: Security scan — secrets in code, vulnerable dependencies, exposed endpoints. Check .env files, hardcoded credentials, dependency audit." (SKILL.md)
- [DATA_EXFILTRATION]: The skill instructs the agent to aggregate all findings, which includes the secrets gathered in the reconnaissance phase, and transmit them to a specific tool or endpoint.
- Evidence: "Synthesize all findings, then route through atlas-report: ... Invoke /atlas-report with the full synthesized findings." (SKILL.md)
- [PROMPT_INJECTION]: The skill acts as an audit tool for inherited or acquired codebases, which constitutes a large surface for indirect prompt injection from untrusted files.
- Ingestion points: Full codebase contents, project manifests, configuration files, and CI/CD scripts (SKILL.md).
- Boundary markers: None specified for the data ingestion phases.
- Capability inventory: Access to tools like Read, Write, Edit, Bash, WebFetch, and WebSearch (SKILL.md).
- Sanitization: No sanitization or validation of the inherited codebase content is described prior to processing.
Audit Metadata