finding-dev-server-url
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses and reads the full content of terminal log files. These files often contain sensitive information, including environment variables, authentication tokens, and secret keys that are printed to the console during application startup or debugging sessions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from terminal logs.
- Ingestion points: Terminal output files (*.txt) in the terminals folder.
- Boundary markers: None identified; the skill treats the entire log file as data to be parsed.
- Capability inventory: File system access (ls, read) and browser control (navigation, screenshots).
- Sanitization: No validation or sanitization of the terminal output is performed before the agent processes the content.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands like 'ls' to enumerate and access files on the local file system.
Audit Metadata