enhance-docs
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from documentation files, creating a surface for indirect prompt injection. Ingestion points: Markdown files located in docs/, agent-docs/, and root directories (e.g., README.md, CLAUDE.md). Boundary markers: Absent; no delimiters are used to separate untrusted content from the agent's internal logic. Capability inventory: The skill has the ability to write to the local filesystem when the --fix flag is provided. Sanitization: No content validation or escaping is implemented. The risk is considered low because the skill's operations are limited to markdown reformatting and does not include shell execution or network access.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network requests were detected.
- [Remote Code Execution] (SAFE): No remote scripts or unverifiable package dependencies are utilized.
Audit Metadata