think

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill directs the agent to read sensitive files to ensure accuracy in planning.
      • Evidence: The instruction to "open the project's actual config file (e.g. pake.json, tauri.conf.json, package.json, .env) and lift the live value."
      • Risk: Reading .env files can expose API keys, database credentials, and other secrets stored in the environment.
  • [COMMAND_EXECUTION]: The skill uses standard shell commands to identify project boundaries and search through documentation.
      • Commands: pwd, git rev-parse --show-toplevel, and grep are used for context verification and information gathering.
  • [PROMPT_INJECTION]: The skill ingests various untrusted local inputs, creating a surface for indirect prompt injection.
      • Ingestion points: Architecture Decision Records (ADRs), design documents, and issue threads are read from the local repository.
      • Boundary markers: The skill lacks delimiters or explicit instructions to ignore embedded commands within these files.
      • Capability inventory: The agent can read files, execute shell commands, and generate plans intended for implementation, providing a pathway for injected instructions to influence system state.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 7, 2026, 05:57 PM