documentation-guide
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements configuration detection logic that relies on reading the contents of the project's CONTRIBUTING.md file to determine whether the skill should be disabled and which language to use for documentation.
- Ingestion points: The agent is directed to check specific headers ('Disabled Skills', 'Documentation Language') within the project's CONTRIBUTING.md file, which is untrusted external data.
- Boundary markers: The instructions do not provide delimiters or security warnings to the agent to ignore other potentially malicious instructions that might be present in that file.
- Capability inventory: The skill is primarily focused on text generation and directory structure organization; it does not demonstrate capabilities for executing system commands or making network requests.
- Sanitization: There is no evidence of sanitization or strict schema validation for the data read from the external file before it influences agent behavior.
Audit Metadata