disabling-services
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes user-provided metadata like service names and descriptions and writes them into documentation files.
- Ingestion points: Metadata is inserted into
docs/services/*.md,docs/.vitepress/theme/components/Services/List.vue, anddocs/services/all.md. - Boundary markers: There are no instructions to use delimiters or ignore embedded commands within the user-supplied content.
- Capability inventory: The agent uses
Read,Grep,Glob,Write, andEdittools to modify project files. - Sanitization: No validation or sanitization of input strings is mentioned before they are applied to file templates.
Audit Metadata