doc
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on various system commands and third-party CLI tools to perform project analysis and reporting.
  - In `SKILL.md`, shell utilities such as `ls`, `grep`, and `wc` are used to detect project types and calculate documentation coverage.
  - In `references/validation-rules.md`, the skill invokes external tools including `oc` (OpenShift) for deployment verification, `gh` (GitHub) and `bd` (Beads) for issue tracking.
  - In `references/validation-rules.md`, it attempts to execute a local Python validator script located at `~/.claude/scripts/doc-validate.py`.
  - In `scripts/validate.sh`, the script uses `bash -c` to evaluate internal validation conditions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the analysis of repository content.
  - Ingestion points: The agent reads and processes arbitrary source code files (`*.py`, `*.go`) and existing markdown documentation to 'understand' features for documentation generation as described in `SKILL.md`.
  - Boundary markers: There are no explicit instructions or delimiters defined to ensure the agent ignores or isolates natural language instructions that might be embedded within code comments or string literals in the target files.
  - Capability inventory: The skill has the capability to write files to the local filesystem (`docs/`, `.agents/`), create remote issues via `gh`, and interact with container orchestration via `oc`.
  - Sanitization: There is no evidence of sanitization or filtering of the repository content before it is processed by the model's logic.
Audit Metadata