neo-team-copilot
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a system-analyzer role that executes powerful CLI tools for infrastructure investigation. Reference files provide templates for kubectl, psql, docker, and argocd commands, allowing for broad system access through the agent.
- [DATA_EXFILTRATION]: The system-analyzer is explicitly instructed to read sensitive environment files (e.g., .env.sit, .env.prod) to retrieve configuration data. These files typically contain credentials, which thereby become available to the agent and may be exposed in its output or to downstream processes.
- [PROMPT_INJECTION]: The skill implements an orchestration pattern where content from repository files like CLAUDE.md is directly interpolated into agent prompts. This creates a surface for Indirect Prompt Injection, where an attacker modifying those files could control the behavior of the specialist agents.
  - Ingestion points: CLAUDE.md, AGENTS.md, and CONTRIBUTING.md (referenced in SKILL.md).
  - Boundary markers: Absent. The content is mixed with role instructions in the prompt template.
  - Capability inventory: Specialists have bash, edit, write, and database query capabilities.
  - Sanitization: Absent. The skill does not validate or sanitize content from project files before interpolation.
Recommendations
- AI detected serious security threats
Audit Metadata