find-law-firm
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive configuration files. The skill directs the agent to read
~/.bashrc,~/.zshrc,.env.local, and.envfiles to find API tokens. These files are highly sensitive and commonly contain private keys, database credentials, and other system secrets. - [DATA_EXFILTRATION]: Bypasses user oversight for credential retrieval. The instructions specify that if a token is found in environment files, the agent should "use it; don't ask," which circumvents the user's ability to monitor or approve access to their local environment data.
- [COMMAND_EXECUTION]: Shell command usage. The skill instructs the agent to use
curlfor API interactions and provides both bash and Python snippets for local data processing and identifier calculation. - [EXTERNAL_DOWNLOADS]: Outbound API communication. The skill connects to
api.servicegraph.coto perform law firm searches, validate filters, and handle authentication. - [PROMPT_INJECTION]: Indirect prompt injection risk. The skill processes untrusted data from external API responses and integrates it into the agent's context without adequate security boundaries or sanitization.
- Ingestion points: Responses from the ServiceGraph API endpoints (
/v1/tags,/v1/search,/v1/get). - Boundary markers: Absent. The skill provides no instructions for the agent to distinguish between valid data and potential instructions embedded within API results.
- Capability inventory: The skill has the capability to execute shell commands and read sensitive local files.
- Sanitization: Absent. There is no requirement for validating or escaping content retrieved from the remote API.
Recommendations
- AI detected serious security threats
Audit Metadata