documentation-writer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALNO_CODE
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on technical writing tasks. No patterns indicative of system prompt extraction, safety filter bypasses, or 'DAN' style roleplay were detected.
- [Data Exposure & Exfiltration] (SAFE): The README template includes common placeholders for environment variables (
user:pass,your-secret-key,xxx). These are non-functional examples used for documentation purposes and do not represent hardcoded secrets or sensitive data access. - [False Positive Alert] (SAFE): The automated alert for 'client.do' is a false positive. The scanner misinterpreted the JavaScript method call
client.doSomething()in the code example as a phishing domain (using the .do TLD). Analysis confirms no network requests are made to this or any other domain. - [Indirect Prompt Injection] (SAFE): While the skill processes user-provided code, it acts only as a text generator. It has no capabilities to execute commands, write files, or perform network operations, meaning there is no exploitable attack surface for indirect injection.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata