find-product-directories

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill incorporates strong security hygiene for credential management. It explicitly instructs the agent to source API keys from .env.local using shell wrappers and provides a mechanism to prompt users for keys without allowing them to be pasted into the chat history.
  • [COMMAND_EXECUTION]: The skill utilizes standard curl commands to perform API requests. The commands are well-defined and scoped to the official api.servicegraph.co endpoints, representing legitimate tool usage rather than arbitrary or dangerous execution.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it retrieves and displays third-party 'editor_note' content from its API. While this content is intended for user information, it is not explicitly sanitized.
  • Ingestion points: editor_note and other directory metadata retrieved from api.servicegraph.co (referenced in SKILL.md).
  • Boundary markers: The skill does not currently instruct the agent to use specific delimiters or protective warnings when outputting this external content.
  • Capability inventory: The agent is granted shell access (via curl) to interact with the API.
  • Sanitization: No validation or escaping of the external API data is described in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:01 AM
Security Audit — agent-trust-hub — find-product-directories