find-cybersecurity-firm

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to read sensitive local files, specifically .env and .env.local, to retrieve a SERVICEGRAPH_TOKEN. This represents a data exposure risk as the agent could potentially access other sensitive credentials stored in these files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from an external API (api.servicegraph.co).
  • Ingestion points: The agent retrieves firm information, tags, and search results from the ServiceGraph API endpoints in SKILL.md.
  • Boundary markers: Absent. There are no instructions to the agent to treat API responses as untrusted data or to use specific delimiters.
  • Capability inventory: The agent performs network requests via curl and local shell operations. No dynamic code execution (eval/exec) was detected.
  • Sanitization: Absent. The skill does not define any validation or sanitization steps for the content returned by the API before it is presented to the user.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands and pipes (including tr, openssl, and awk) to calculate a firm_id locally based on domain names. While these specific commands serve a utility purpose for the skill's functionality, they involve the execution of system subprocesses.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 08:53 AM
Security Audit — agent-trust-hub — find-cybersecurity-firm