think
Fail
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill directs the agent to open and read sensitive configuration files, specifically mentioning `.env`, to extract live values. This practice exposes local environment secrets and API keys to the model context.
- [COMMAND_EXECUTION]: The instructions require the agent to execute shell commands such as `pwd`, `git rev-parse --show-toplevel`, and `grep` to verify working directories and analyze the codebase.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting untrusted data from local repository files, such as ADRs, design docs, and issue threads, and incorporating their content into generated plans.
- Ingestion points: Local project configuration files, ADRs, design documents, and grep outputs (SKILL.md).
- Boundary markers: Absent; there are no specified delimiters or instructions to ignore embedded directives in the files being read.
- Capability inventory: File system access and shell command execution (`pwd`, `git`, `grep`).
- Sanitization: No sanitization or content validation of the ingested file data is mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata