find-ai-consultancy

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to automatically scan local configuration files, specifically .env.local and .env in the current working directory, to extract the SERVICEGRAPH_TOKEN credential. It explicitly tells the agent to use the token it finds without asking the user for permission.
  • [DATA_EXFILTRATION]: The instructions require the agent to read shell environment variables (e.g., $SERVICEGRAPH_TOKEN) to obtain authentication secrets.
  • [COMMAND_EXECUTION]: The skill uses shell commands, including curl to interact with the ServiceGraph API and openssl to generate firm identifiers via SHA-256 hashing.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from an external API (api.servicegraph.co) and integrates it into the agent's context.
    ◦ Ingestion points: Data is retrieved from the /v1/search and /v1/get endpoints of the ServiceGraph API, as described in SKILL.md.
    ◦ Boundary markers: There are no defined delimiters, and no instruction to the agent to disregard natural-language instructions that might be embedded in the API responses.
    ◦ Capability inventory: The agent retains the ability to execute shell commands (curl, openssl) and to read local filesystem data, so injected instructions in a response could reach those capabilities.
    ◦ Sanitization: The skill provides no mechanism for sanitizing or validating content returned from the external catalog before the agent processes it.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 8, 2026, 08:52 AM