sync-docs
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes untrusted data from the repository's documentation and source code files.
- Ingestion points: Phase 2 (Parallel Verification) and Phase 5 (Correction Application) read file contents into sub-agent prompts.
- Boundary markers: The prompts do not use explicit delimiters (like XML tags or clear-cut ignore instructions) to separate target content from agent instructions.
- Capability inventory: The skill has the capability to read files via the file system and modify them through a general-purpose sub-agent.
- Sanitization: There is no evidence of sanitization or escaping of ingested file content before it is interpolated into the prompts for the Explore and general-purpose agents.
- Mitigation: The risk is mitigated by Phase 4 (User Confirmation), which requires a human-in-the-loop review before any modifications are actually applied to the files.
Audit Metadata