devdocs-compound
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external sources like Git logs and task reports, which constitutes a surface for indirect prompt injection.
  - Ingestion points: Ingests data from `git log`, `verify-report.md`, and task-related markdown files (e.g., `04-dev-tasks*.md`).
  - Boundary markers: No explicit delimiters are defined for the external data in the prompt; however, the skill mandates a human-in-the-loop confirmation step before any file is written.
  - Capability inventory: Restricted to `Write` and `Edit` operations within the `docs/devdocs/patterns/` directory.
  - Sanitization: No explicit sanitization or filtering of input data is defined.
- [DATA_EXFILTRATION]: No security concerns identified. The skill is restricted to local filesystem tools and does not have access to network tools or external APIs.
- [COMMAND_EXECUTION]: The skill does not have access to tools for arbitrary command execution. It describes workflows involving Git logs, but does not include a shell or git execution tool in its allowed tools list.
Audit Metadata