doc-drift-detector
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts drift_analyzer.py and doc_staleness_scorer.py execute the system's git binary using the subprocess module to retrieve commit history and version information. The implementation uses list-based arguments without shell=True, following security best practices for external command invocation.\n- [DATA_EXFILTRATION]: The link_checker.py script contains functionality to validate external URLs in markdown files using the urllib.request module. This feature performs outbound HTTP requests to verify URL availability, which is an intended functionality described in the skill's documentation.\n- [COMMAND_EXECUTION]: The api_doc_validator.py script analyzes Python source code using the ast (Abstract Syntax Tree) module. This allows for structural analysis of code (extracting function signatures and docstrings) without executing the target code, avoiding risks associated with dynamic code execution.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted documentation files from target repositories. The findings generated by the tools are presented to the agent, which could contain malicious instructions embedded in the analyzed markdown files.\n
- Ingestion points: Documentation files and Python source files processed by scripts in the scripts/ directory.\n
- Boundary markers: None explicitly present in the tool output formatting.\n
- Capability inventory: Subprocess execution of git, network access for link validation, and extensive filesystem read access across the target repository.\n
- Sanitization: None observed in the scripts beyond standard parsing of markdown and Python AST.
Audit Metadata