find-web-developer
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill directs the agent to proactively search for and read sensitive local files, specifically .env and .env.local, to extract the SERVICEGRAPH_TOKEN without explicitly requesting user permission.
- [DATA_EXFILTRATION]: The skill establishes a data flow where authentication tokens harvested from the local file system are transmitted to the external domain api.servicegraph.co in request headers.
- [PROMPT_INJECTION]: The skill processes untrusted external firm metadata, which could serve as a vector for indirect prompt injection. 1. Ingestion points: Firm data retrieved from the /v1/search and /v1/get endpoints in SKILL.md. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing logic. 3. Capability inventory: The skill utilizes network requests to api.servicegraph.co and performs local file reads. 4. Sanitization: There is no evidence of validation or filtering for data retrieved from the API before it is integrated into the agent's context.
Audit Metadata