find-software-developer

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive configuration files in the project directory to automatically find API tokens. Specifically, it directs the agent to 'read .env.local then .env in the current working directory and look for a SERVICEGRAPH_TOKEN=… line' and use it without prompting the user. While standard for many developer tools, this behavior provides the agent with access to all other secrets potentially stored in those files.
  • [COMMAND_EXECUTION]: The documentation includes shell commands for the agent to execute, such as 'curl' for API interactions and 'openssl' for locally computing firm identifiers. This is legitimate functionality for the skill but involves direct command line usage.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from an external API.
  • Ingestion points: Data is ingested from the ServiceGraph API via endpoints like 'https://api.servicegraph.co/v1/search' and 'https://api.servicegraph.co/v1/get'.
  • Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent to treat this external content as untrusted.
  • Capability inventory: The agent has the capability to perform network requests ('curl', 'fetch', 'requests') and read local files ('.env').
  • Sanitization: There is no evidence of sanitization or validation of the content returned from the external API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 08:53 AM
Security Audit — agent-trust-hub — find-software-developer