doc-smith-create

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform several system-level operations, including git init, git add, git commit, and running build scripts via node skills/doc-smith-build/scripts/build.mjs.
  • [EXTERNAL_DOWNLOADS]: In the references/content.md file, the skill provides instructions to run npm install within a local directory to fetch dependencies from external registries when they are missing.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) while processing source code.
    • Ingestion points: The skill reads project source files, including those in parent directories (../../), using tools like Read, Grep, and Glob in references/content.md.
    • Boundary markers: No explicit delimiters or instructions tell the model to disregard potential instructions embedded within the source files.
    • Capability inventory: The agent possesses extensive capabilities, including command execution (Bash), file system modification (Write), and tool invocation (Skill), which increase the risk of an injection attack.
    • Sanitization: No sanitization or validation is applied to the content of the source files before they are processed by the LLM.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 2, 2026, 01:48 PM