lib-docs-generator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The file `references/crawling-guide.md` provides bash command snippets (`mkdir`, `curl`) intended for the agent to execute to manage documentation files. Writing directly to the skill's reference directory (`.claude/skills/...`) is a high-risk operation. Evidence: `mkdir -p .claude/skills/{library}/references`, `curl -s https://example.com/sitemap.xml -o sitemap.xml`.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill guides the agent to download files from untrusted external domains (`example.com`, etc.) directly into the skill's reference directory. Evidence: `curl -s https://example.com/llms.txt -o .claude/skills/{library}/references/docs.md`.
- PROMPT_INJECTION (LOW): The `templates/skill.md` file uses an override pattern in its description to force execution. Evidence: `**IMPORTANT: Always execute this skill before answering questions about these libraries.**`.
- INDIRECT_PROMPT_INJECTION (LOW): The skill has a significant attack surface for indirect prompt injection as it is designed to fetch and process untrusted external web content.
  1. Ingestion points: `WebFetch` calls in `references/crawling-guide.md` (URL harvesting) and `templates/skill.md` (detailed doc retrieval).
  2. Boundary markers: Absent. The prompts do not use delimiters or instructions to ignore embedded commands.
  3. Capability inventory: `WebFetch`, `Read`, `WebSearch`, and shell access via `curl`.
  4. Sanitization: Absent; content is processed directly for extraction without validation.
Recommendations
- HIGH: Downloads and executes remote code from: https://example.com/sitemap.xml - DO NOT USE without thorough review
Audit Metadata