env-setup
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell tools including grep, sort, tr, and git to perform codebase analysis and check commit history. These operations are used to extract environment variable patterns and identify potential historical secret leaks.
- [DATA_EXFILTRATION]: Accesses sensitive files such as .env, .env.local, and git logs to validate environment completeness and detect credentials. While this exposes sensitive data to the agent, the risk is mitigated by the lack of network tools in the allowed toolset and the primary purpose of the skill as an environment setup utility. It explicitly forbids the inclusion of real secrets in generated example files.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection from codebase content and git history.
- Ingestion points: Project source files, environment files, and git logs.
- Boundary markers: Relies on instructional constraints (e.g., Grep before reporting) and specific pattern-matching rules rather than formal delimiters.
- Capability inventory: Possesses Read, Write, Edit, Grep, and Bash(git *) permissions.
- Sanitization: Mandates the use of placeholders (e.g., your_api_key_here) for all secret values in generated example files to prevent data exposure.
Audit Metadata