find-product-directories
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill incorporates strong security hygiene for credential management. It explicitly instructs the agent to source API keys from
.env.localusing shell wrappers and provides a mechanism to prompt users for keys without allowing them to be pasted into the chat history. - [COMMAND_EXECUTION]: The skill utilizes standard
curlcommands to perform API requests. The commands are well-defined and scoped to the officialapi.servicegraph.coendpoints, representing legitimate tool usage rather than arbitrary or dangerous execution. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it retrieves and displays third-party 'editor_note' content from its API. While this content is intended for user information, it is not explicitly sanitized.
- Ingestion points:
editor_noteand other directory metadata retrieved fromapi.servicegraph.co(referenced inSKILL.md). - Boundary markers: The skill does not currently instruct the agent to use specific delimiters or protective warnings when outputting this external content.
- Capability inventory: The agent is granted shell access (via
curl) to interact with the API. - Sanitization: No validation or escaping of the external API data is described in the instructions.
Audit Metadata