doc-sync
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs legitimate documentation maintenance tasks such as auditing architecture, security, and test documentation.\n- [COMMAND_EXECUTION]: The skill executes local bash and Node.js scripts to inventory markdown files and validate path references. Evidence: SKILL.md invokes scripts/list-doc-targets.sh and scripts/check-doc-paths.js.\n- [PROMPT_INJECTION]: The skill processes markdown files from the repository, presenting a potential surface for indirect prompt injection.\n
- Ingestion points: scripts/check-doc-paths.js reads content from files identified in SKILL.md.\n
- Boundary markers: No explicit markers are used to delimit content from instructions.\n
- Capability inventory: The skill permits the agent to execute local scripts and modify files within the repository.\n
- Sanitization: The skill does not perform sanitization or validation of the text within documentation files.
Audit Metadata