sync-knowledge
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill requests broad read access to the project structure, including searching through 'config/', 'scripts/', and 'hooks/' directories. This provides the agent with access to project configuration and internal logic, though no exfiltration mechanism is identified.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the codebase and documentation files. A malicious actor could insert instructions into these files to misdirect the agent's behavior during the 'Read' and 'Compare' operations.
  * Ingestion points: Markdown files in 'docs/' and various source code files (e.g., package.json, go.mod) as defined in SKILL.md.
  * Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the files being analyzed.
  * Capability inventory: The skill has permissions to read files across the repository and write/edit markdown files in the 'docs/' directory.
  * Sanitization: No evidence of input validation or content sanitization is present before the data is used for comparison or documentation updates.
Audit Metadata