version-doc-updater
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from user-supplied sources (such as PR descriptions, meeting minutes, or iteration notes) to modify local markdown files.
- Ingestion points: The skill reads existing markdown files ('管理后台操作说明.md', '对外能力说明.md', '版本更新说明.md') and ingests external iteration descriptions provided by the user.
- Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are implemented to protect the agent from instructions hidden within the input data.
- Capability inventory: The skill uses file system tools (Read, Write, and Edit) to access and update the local documentation.
- Sanitization: There is no mechanism described to sanitize, escape, or validate the content before it is interpolated into the prompts and written to the documentation files.
Audit Metadata