find-pr-agency
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill directs the agent to read and parse local .env and .env.local files to find a SERVICEGRAPH_TOKEN.
  - Evidence: "read .env.local then .env in the current working directory and look for a SERVICEGRAPH_TOKEN=… line."
  - Observation: This approach loads every secret and configuration value stored in these common credential files into the agent's context, potentially exposing unrelated service keys (e.g., AWS, database credentials).
- [DATA_EXFILTRATION]: The skill instructs the agent to transmit the discovered token to the external API at https://api.servicegraph.co and specifically directs the agent to skip user confirmation if the token is found in the local files.
  - Evidence: "If you find it, use it; don't ask."
- [PROMPT_INJECTION]: The skill processes data from a remote API, creating a surface for indirect prompt injection.
  - Ingestion points: API responses from https://api.servicegraph.co/v1/search and /v1/get/:id (file: SKILL.md).
  - Boundary markers: Absent. No instructions are provided to the agent to use delimiters or ignore instructions embedded in the external data.
  - Capability inventory: The agent has capabilities to read local files, execute network operations (curl/fetch), and perform SHA256 calculations.
  - Sanitization: Absent. There are no instructions for sanitizing or validating API-returned content before it is presented or processed further.
Recommendations
- AI detected serious security threats
Audit Metadata