preview
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill performs dynamic installation of Node.js dependencies (Docusaurus) at runtime. It explicitly uses the `--registry=https://registry.npmjs.org` flag to bypass private or corporate registry configurations. This is a deliberate bypass of security controls designed to ensure package provenance and safety in restricted environments.
- COMMAND_EXECUTION (LOW): The troubleshooting section includes commands for forceful process termination (`kill -9`). While targeted at specific ports (3015/3016), these instructions involve aggressive shell execution.
- PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection surface). The skill is designed to ingest and render Markdown documentation from the project filesystem.
  - Ingestion points: Reads files from `.specweave/docs/internal/` and `.specweave/docs/public/`.
  - Boundary markers: None identified in the skill definition to separate untrusted document content from agent instructions.
  - Capability inventory: Executes local shell commands to launch Docusaurus servers (Node.js).
  - Sanitization: No evidence of input sanitization for the documentation content prior to processing by the Docusaurus engine.
Audit Metadata