looking-up-docs

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a set of instructions for looking up API documentation. It does not include executable scripts or suspicious commands.
  • [EXTERNAL_DOWNLOADS]: The skill references and fetches documentation from external, well-known sources including official documentation for libraries like React, Next.js, and Kubernetes.
      • Evidence: The workflow utilizes mcp__context7 and WebFetch to retrieve content from library-specific repositories and official documentation sites.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data from external websites and documentation indices.
      • Ingestion points: Data is retrieved from external sources via mcp__context7__query-docs, WebSearch, and WebFetch (referenced in SKILL.md).
      • Boundary markers: Absent; the instructions do not specify using delimiters or provide warnings to the agent to ignore instructions embedded in the retrieved documentation.
      • Capability inventory: The skill enables the agent to read the local filesystem (Read, Grep, Glob) and perform network operations (WebFetch), which could be targets for instructions found in malicious documentation.
      • Sanitization: No content sanitization or validation of the external documentation is performed before it is added to the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 04:17 AM