Back to skill
Skillv1.0.0
Static analysis security
AgentAudit · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 4:58 AM
- Summary
- Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.potential_exfiltration (+1 more)
- Reason codes
- suspicious.env_credential_accesssuspicious.exposed_secret_literalsuspicious.potential_exfiltrationsuspicious.prompt_injection_instructions
- Engine
- v2.4.5
Evidence
criticalscripts/check.mjs:24
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/gate.mjs:27
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/register.mjs:62
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/upload.mjs:26
Environment variable access combined with network send.
suspicious.env_credential_access
criticalprompts/audit-prompt.md:168
Documentation appears to expose a hardcoded API secret or token.
suspicious.exposed_secret_literal
warnscripts/check.mjs:32
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/gate.mjs:35
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/register.mjs:71
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/upload.mjs:35
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnprompts/audit-prompt.md:178
Prompt-injection style instruction pattern detected.
suspicious.prompt_injection_instructions