managing-docs

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to automatically activate when documentation-related files are detected or tasks are initiated. This creates a high-risk ingestion surface.
      • Ingestion points: User project files including README.md, mkdocs.yml, docusaurus.config.js, and conf.py.
      • Boundary markers: None. There are no instructions to sanitize or disregard instructions embedded within the files being organized.
      • Capability inventory: Access to Bash, Write, Edit, and Glob tools allows for full system interaction.
      • Sanitization: Absent. The agent is encouraged to structure and configure based on existing file content.
  • [Remote Code Execution] (HIGH): The skill encourages the use of npx create-docusaurus@latest, which downloads and executes the latest version of a remote script from the NPM registry. It also references a remote pre-commit hook from an untrusted GitHub repository (igorshubovych/markdownlint-cli).
  • [External Downloads] (MEDIUM): The instructions recommend installing several third-party Python and Node.js packages (e.g., mkdocs-material, sphinx-rtd-theme) from public registries. While common, this introduces a dependency on external sources.
  • [Command Execution] (MEDIUM): The skill contains multiple shell command templates for building and deploying documentation (mkdocs gh-deploy, npm run docusaurus), which involve automated operations on the local filesystem and remote repositories.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:20 AM