project-documentation-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to run the `ccw cli` utility for project analysis. While this is a core part of the documentation workflow, executing CLI tools with parameters derived from project analysis presents a common execution pattern.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from the project being documented to generate tasks and content.
  - Ingestion points: The workflow reads arbitrary project files using `Read`, `Glob`, and `Grep` across all phases, including the initial scan and the individual documentation tasks.
  - Boundary markers: The agent instructions use Markdown headers to separate context, but they lack explicit delimiters or instructions to treat the analyzed source code strictly as data, increasing the risk of the LLM following instructions found within comments or README files.
  - Capability inventory: The skill possesses significant capabilities, including the ability to write files (`Write`, `Edit`), execute shell commands (`Bash`), and spawn additional agents (`spawn_agents_on_csv`).
  - Sanitization: There is no evidence of sanitization or filtering of the project content before it is incorporated into the prompt context for subsequent agents.
Audit Metadata