octocode-documentaion-writer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the repository being documented.
  1. Ingestion points: Agent scripts (agent-researcher.md and agent-documentation-writer.md) use localGetFileContent to read repository code.
  2. Boundary markers: The prompts use XML-like tags (e.g., <agent_definition>) to structure logic, but these do not prevent an attacker from embedding instructions in code comments.
  3. Capability inventory: The agents have the ability to write files (Write tool) and spawn sub-agents (Task tool).
  4. Sanitization: No sanitization or filtering is applied to the ingested repository content.
- External Downloads (LOW): The skill documentation recommends installing the octocode-mcp server and octocode-cli via npx. These packages are provided by an untrusted third-party author (bgauryy). While standard for this use case, users should verify the packages before installation.
- Dynamic Execution (SAFE): The orchestration logic contains JavaScript blocks used to manage the pipeline phases and generate prompts for sub-agents. This logic is used for flow control and does not execute untrusted external strings or code.
Audit Metadata