doom-doc-assistant
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `scripts/setup.sh` script downloads a binary executable (kubeconform) from an external GitHub repository (github.com/yannh/kubeconform) that is not on the trusted vendor list.
- [EXTERNAL_DOWNLOADS]: The skill installs the `ruamel.yaml` Python package from the public PyPI registry using `pip3` during its setup phase.
- [COMMAND_EXECUTION]: The agent is instructed to use system commands such as `grep`, `ls`, and `cat` to search for and read content from the user's local documentation repository.
- [COMMAND_EXECUTION]: The skill executes local shell scripts (`scripts/setup.sh`) and Python scripts (`scripts/yaml_check.py`) to manage the environment and validate documentation content.
- [REMOTE_CODE_EXECUTION]: The workflow involves downloading an external binary (`kubeconform`) and subsequently executing it to validate Kubernetes YAML manifests processed or generated by the agent.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted documentation files from a local repository and performing actions based on their content.
  - Ingestion points: Documentation files (`.mdx`) located in the repository path provided by the user (as seen in `SKILL.md` Phase 0 and 2).
  - Boundary markers: The skill uses a structured multi-phase workflow with explicit instructions to load rule files (`rules/*.md`) and templates, providing organizational structure but no formal isolation.
  - Capability inventory: The skill possesses the ability to read the filesystem (`grep`, `ls`, `cat`), perform network downloads (curl), and execute arbitrary commands via shell scripts and the `kubeconform` binary.
  - Sanitization: There is no evidence of sanitization or validation of the documentation content before it is processed by the agent or passed to validation tools.
Audit Metadata