weird-4
Audited by Gen Agent Trust Hub on Feb 12, 2026
The skill file contains the path ../../../.env-example. This path exhibits directory traversal (../), attempting to access files outside the skill's designated directory. While .env-example is an example configuration file, the pattern of accessing such files with directory traversal is a significant security concern. It indicates a potential attempt at information disclosure or unauthorized file access, as this technique could easily be adapted to target actual sensitive configuration files (e.g., .env) or credential files (e.g., ~/.aws/credentials). This finding is categorized as MEDIUM due to the combination of sensitive file type reference and directory traversal, which poses a risk of data exfiltration.