production-code-audit

Fail

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains repeated instructions to bypass standard safety interaction models. Specifically, it commands the agent to "Do this automatically without asking the user," "Don't Ask Questions," and "Don't Wait for Instructions - Scan and fix automatically." These directives attempt to override the user's ability to review or block potentially harmful actions performed by the agent.
  • [PRIVILEGE_ESCALATION]: The instructions grant the agent autonomous authority to modify high-privilege repository components, such as authentication middleware, authorization checks, and CI/CD configuration files (e.g., ".github/workflows"). Automating changes to these sensitive areas without human verification presents a critical risk of repository compromise.
  • [INDIRECT_PROMPT_INJECTION]: This skill presents a significant attack surface by design, as it ingests large amounts of untrusted data (an entire codebase) and possesses the capabilities to modify the environment.
      • Ingestion points: SKILL.md (Autonomous Codebase Discovery phase) instructs the agent to "Read all files" and "Scan every file in the project recursively."
      • Boundary markers: None present. There are no instructions for the agent to distinguish between its own system instructions and potentially malicious instructions embedded in the code it is auditing.
      • Capability inventory: The agent is authorized to use listDirectory, readFile, and strReplace across the entire project structure.
      • Sanitization: Absent. There is no evidence of content validation or sanitization before the agent processes and acts upon the code contents.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The requirement for the agent to "Scan every file in the project" recursively ensures access to all sensitive files, including environment variables, secrets, and private configuration. Within an autonomous framework that discourages user intervention, this broad access increases the risk of data exposure if the agent is manipulated by adversarial code in the project.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 15, 2026, 07:55 AM