document-sync
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill is designed to parse sensitive environment and configuration files (e.g., .env, settings.py, application.yml). While this is the stated primary purpose for documentation synchronization, it establishes a high-privilege data access surface. Severity is reduced from HIGH to MEDIUM per the primary purpose rule.
- Prompt Injection (LOW): The 'MANDATORY USER VERIFICATION REQUIREMENT' in SKILL.md uses authoritative language ('CRITICAL', 'REQUIRED', 'No exceptions') to override the agent's standard task completion and communication behavior.
- Indirect Prompt Injection (LOW): The skill has a significant indirect prompt injection surface.
  - Ingestion points: system_scan.py and verify_docs.py ingest untrusted content from the entire codebase, including third-party dependencies.
  - Boundary markers: No specific delimiters or 'ignore' instructions for ingested content are defined in the provided files.
  - Capability inventory: The skill can write to the filesystem via update_docs.py.
  - Sanitization: No sanitization of code or comments is mentioned before they are processed or written to documentation.
- Command Execution (LOW): The operation workflow requires executing local Python scripts (system_scan.py, verify_docs.py, update_docs.py) via shell commands.
- No Code (SAFE): The referenced Python scripts that perform the actual file scanning and updating are missing from the package, preventing a complete audit of the code execution logic.