find-web-developer

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill directs the agent to proactively search for and read sensitive local files, specifically .env and .env.local, to extract the SERVICEGRAPH_TOKEN without explicitly requesting user permission.
  • [DATA_EXFILTRATION]: The skill establishes a data flow where authentication tokens harvested from the local file system are transmitted to the external domain api.servicegraph.co in request headers.
  • [PROMPT_INJECTION]: The skill processes untrusted external firm metadata, which could serve as a vector for indirect prompt injection. 1. Ingestion points: Firm data retrieved from the /v1/search and /v1/get endpoints in SKILL.md. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing logic. 3. Capability inventory: The skill utilizes network requests to api.servicegraph.co and performs local file reads. 4. Sanitization: There is no evidence of validation or filtering for data retrieved from the API before it is integrated into the agent's context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 08:53 AM
Security Audit — agent-trust-hub — find-web-developer