docs-seeker
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The repository analysis workflow (repo-analysis.md) instructs the agent to execute 'git clone' on arbitrary, user-provided or discovered URLs and suggests global software installation ('npm install -g repomix'). Executing commands that interact with untrusted external infrastructure is a high-risk operation.
- REMOTE_CODE_EXECUTION (MEDIUM): By automating the cloning and processing of entire codebases with tools like Repomix, the skill creates a path for executing or analyzing potentially malicious code from untrusted repositories.
- EXTERNAL_DOWNLOADS (LOW): The fetch-docs.js script makes outbound HTTPS requests to context7.com. While this is the intended purpose, this domain is not a predefined trusted source, and the script transmits an API key in the headers.
- PROMPT_INJECTION (LOW): The skill has a significant surface for indirect prompt injection as it ingests untrusted content from llms.txt files and GitHub repositories. Evidence Chain: (1) Ingestion points: fetch-docs.js (HTTP body) and repo-analysis.md (file system via git clone); (2) Boundary markers: Absent; (3) Capability inventory: Network access, file system access, and command execution (git, npm); (4) Sanitization: Basic regex normalization is performed on query terms in detect-topic.js, but no sanitization is applied to the ingested documentation content itself.
Audit Metadata