devdocs-insights

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes content from external URLs via the WebFetch tool. This is a common pattern for research skills, and this specific skill mitigates the risk by mandating human-in-the-loop confirmation before any requirement is generated or stored.
    • Ingestion points: External URLs fetched via WebFetch and user-provided descriptions of UI/UX reviews or competitor analysis.
    • Boundary markers: Present. The skill workflow explicitly defines a 'User Confirmation' phase (Step 4) using the AskUserQuestion tool to verify suggestions before they are converted into requirements.
    • Capability inventory: The skill uses Read and Write for local documentation files (docs/devdocs/), WebFetch for external content, and AskUserQuestion for user interaction.
    • Sanitization: Absent. The system relies on the user to review the structured 'Insights' list for accuracy and safety before promoting them to the requirements document.
  • [EXTERNAL_DOWNLOADS]: The skill uses WebFetch to retrieve content from external documentation and reference sites. This is used for its primary function of research and insight collection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 06:08 AM