doc-sync
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [External Downloads] (MEDIUM): The skill recommends installing
bitso-documentation-lintervia a custom Homebrew tapbitsoex/homebrew-bitso. This organization is not on the list of trusted external sources. - [Command Execution] (LOW): The skill executes local Node.js scripts using commands like
node .scripts/skills-cli.tsand dynamic imports vianode -e. While these are part of the skill's intended functionality, they represent a local command execution surface. - [Indirect Prompt Injection] (LOW):
- Ingestion points: The skill reads and processes various markdown files within the repository to validate links and structure.
- Boundary markers: Absent. The skill does not explicitly use delimiters or instructions to ignore instructions embedded within the documentation it processes.
- Capability inventory: The skill has the capability to execute local scripts and output analysis results back to the agent context.
- Sanitization: No sanitization logic for the content of processed documentation files is documented.
Audit Metadata