find-engineering-firm
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to automatically search for a `SERVICEGRAPH_TOKEN` in sensitive locations including `.env.local`, `.env`, and shell configuration files like `~/.bashrc` and `~/.zshrc`. The instructions explicitly state to use found credentials without asking the user.
- [DATA_EXFILTRATION]: The skill performs unauthorized reads of local sensitive files (environment variables and shell profiles) to extract authentication tokens. While intended for its own API, this pattern of silent credential harvesting from system-level configuration files is a security risk.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands (`curl`, `openssl`) and Python code snippets for calculating firm IDs and managing authentication flows.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from an external API (`api.servicegraph.co`) to display firm information.
  - Ingestion points: Data retrieved from `/v1/search` and `/v1/get/:id` endpoints is processed and presented to the user.
  - Boundary markers: None identified in the prompt instructions to delimit external content or warn against embedded instructions.
  - Capability inventory: The skill has capabilities for file-system access (reading config files), network requests (`curl`), and local code execution (Python/OpenSSL).
  - Sanitization: No sanitization or validation steps are described for the API response content.
Audit Metadata