doc-scanner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection.
  - Ingestion points: The skill uses `Glob` to find and `Read` the complete contents of numerous documentation files (e.g., `AGENTS.md`, `CLAUDE.md`, `AI.md`) across the project root and hidden directories.
  - Boundary markers: No boundary markers (like XML tags) or instructions to disregard embedded commands are present in the synthesis step.
  - Sanitization: There is no logic to filter or sanitize the content read from these external, potentially attacker-controlled files.
  - Risk: An attacker can embed malicious instructions in an `AGENTS.md` file that the agent will then ingest and potentially obey during the 'Synthesize' phase.
- COMMAND_EXECUTION (HIGH): The skill possesses broad capabilities that can be abused via the injection surface.
  - Capability inventory: The skill is granted `Bash`, `Write`, and `Glob` tools.
  - Evidence: Step 4 explicitly uses `Write` to create directories and archive files. The presence of `Bash` in `allowed-tools` combined with untrusted data ingestion allows an injected instruction to execute arbitrary system commands.
- CREDENTIALS_UNSAFE (MEDIUM): The skill's templates encourage unsafe data handling.
  - Evidence: In `references/templates.md`, the 'Comprehensive AGENTS.md Template' includes a section for 'Environment Variables' with placeholders for `DATABASE_URL` and `API_KEY`.
  - Risk: This encourages users to document sensitive configuration in plain text files which the skill then reads and processes, increasing the risk of credential exposure.
Recommendations
- AI detected serious security threats
Audit Metadata