update-docs
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes the full content of documentation files which can contain untrusted instructions.
  - Ingestion points: The skill systematically reads CLAUDE.md, .plans, .tasks, and files within the docs/ directory.
  - Boundary markers: File content is interpolated directly into the 'Oracle' sub-agent prompt without protective delimiters or instructions to treat the content as untrusted data.
  - Capability inventory: The skill utilizes Bash for command execution, Edit for filesystem writes, and a Task tool for executing sub-agents.
  - Sanitization: No evidence of content escaping or validation is present before document data is processed by the AI.
- [COMMAND_EXECUTION]: The skill explicitly uses the Bash tool to interact with the system for git-related operations such as checking logs. While intended for status monitoring, this provides a mechanism for command-line interaction with the environment.