find-service-providers
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill directs the agent to read sensitive configuration files, specifically
.env.localand.env, in the current working directory to find aSERVICEGRAPH_TOKEN. This access exposes the entirety of these files, which commonly store unrelated and sensitive credentials. - [EXTERNAL_DOWNLOADS]: The skill performs network operations to
api.servicegraph.cofor data retrieval and authentication purposes. - [COMMAND_EXECUTION]: The instructions provide examples for executing shell commands including
curlfor API requests andopensslfor local hash generation. - [PROMPT_INJECTION]: The skill ingests data from an external API, presenting a risk surface for indirect prompt injection. Ingestion points: Data enters the agent's context from
api.servicegraph.coendpoints (/tags,/search,/get). Boundary markers: None provided to separate API content from instructions. Capability inventory: Includes shell command execution and local sensitive file access. Sanitization: No filtering or validation of external API responses is mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata