documenting-code

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  • Ingestion points: Reads project source code and existing documentation files (*.md, doc.go) identified via find and git diff commands.
  • Boundary markers: Absent. The instructions do not define clear delimiters or instruct the agent to ignore instructions embedded within the files being analyzed.
  • Capability inventory: The skill uses the Task tool to spawn a sub-agent capable of writing files (updating documentation) and executing shell commands (git, find).
  • Sanitization: Absent. There is no logic to filter or escape potential instructions found in the analyzed documentation or code comments.
  • [COMMAND_EXECUTION] (MEDIUM): The skill explicitly instructs the sub-agent to execute shell commands (git diff --name-only HEAD~5 and find . -name '*.md' -o -name 'doc.go'). While these are common development tasks, they provide a footprint for an attacker to escalate privileges if the sub-agent's prompt is compromised via injection.
  • [PROMPT_INJECTION] (MEDIUM): The skill interpolates user-provided input ({user's choice from Step 1}) directly into the prompt for the docs-keeper sub-agent. Although the AskUserQuestion tool provides specific options, the lack of explicit sanitization before interpolation into a high-capability sub-agent prompt is a security risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:24 AM