documentation-lookup
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data retrieved from documentation repositories, which presents a surface for indirect prompt injection.
- Ingestion points: Data is fetched from external documentation via the
query-docstool as described in Step 3 of SKILL.md. - Boundary markers: There are no explicit instructions to the agent to treat the fetched documentation strictly as data or to ignore embedded instructions found within the documentation text.
- Capability inventory: While the skill itself does not define dangerous capabilities like file writing or command execution, the agent context using this skill might have such tools available.
- Sanitization: The skill lacks instructions to sanitize or validate the content returned by the documentation service before it is processed by the agent.
- [SAFE]: The skill includes a proactive security measure by explicitly instructing the agent to redact sensitive data (API keys, passwords, tokens) from user queries before they are sent to the external Context7 MCP service.
Audit Metadata