documentation-review
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from documentation files and project source code, which constitutes a surface for indirect prompt injection. 1. Ingestion points: The skill explicitly reads all files under the docs/ directory (Stage 2) and cross-references documentation claims against the project source code (Stage 5). 2. Boundary markers: The orchestration instructions do not include requirements for the agent to use XML-style delimiters or explicit 'ignore embedded instructions' warnings when parsing the audited content. 3. Capability inventory: The skill has the capability to list directories and read files across the repository, and it aggregates these findings into a consolidated report. 4. Sanitization: There are no instructions for sanitizing or escaping the content retrieved from the documentation files before it is processed by sub-skills or included in the final markdown report.
Audit Metadata