skill-documentarian
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to perform extensive file system operations and validation routines.
  - It executes shell loops involving `sed`, `grep`, and `cut` to parse YAML frontmatter from various `SKILL.md` files.
  - It automates the execution of local build and synchronization scripts, such as `npm run sync:skills`, `bash scripts/generate-og-image.sh`, and `npx tsx scripts/syncSkillSubpages.ts`.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) due to its core function of ingesting and processing content from other skills.
  - Ingestion points: The agent reads markdown content and metadata from the `.claude/skills/` directory, including subfolders for references, templates, examples, and guides.
  - Boundary markers: The prompt lacks explicit delimiters or instructions to prevent the agent from obeying commands that might be embedded in the metadata of the skills it documents.
  - Capability inventory: The skill is granted `Bash`, `Write`, and `Edit` permissions, providing a high-impact execution environment if an injection occurs.
  - Sanitization: While the skill mentions escaping angle brackets to ensure MDX compatibility, it does not implement comprehensive sanitization against adversarial instructions in the source skill files.
Audit Metadata