check-config
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts and Python modules (inspect_store.sh, scripts.check_config_store) to perform configuration diagnostics.
- [DATA_EXFILTRATION]: The skill accesses and displays sensitive application data, specifically magic_link_tokens. This creates a data exposure surface where authentication secrets could be revealed in the agent's output.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes configuration data (like routing_rules and webhook_config) that could potentially be controlled by external actors.
- [PROMPT_INJECTION] Evidence Chain:
  1. Ingestion points: Data is read from the Config Store (Redis/JSON) as described in SKILL.md workflow steps 2 and 3.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded content are provided.
  3. Capability inventory: The agent has shell and python execution capabilities as defined in SKILL.md and inspect_store.sh.
  4. Sanitization: There is no evidence of sanitization or schema validation for the data retrieved from the configuration store.
Audit Metadata