docmost
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: Commands including file-download, page-export, and space-export allow writing data to any file path provided as an argument. In src/commands/file.ts, src/commands/page.ts, and src/commands/space.ts, the skill checks for paths outside the current directory and issues a warning but proceeds with the write, which could be used to overwrite critical system configuration files.
- [DATA_EXFILTRATION]: Through commands like file-upload and page-import, the skill can read arbitrary files from the host system and upload them to a remote server. This presents a risk of sensitive data being exfiltrated if the agent is manipulated into selecting sensitive files.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the Docmost platform via page-info and search commands. The absence of boundary markers or instructions to ignore embedded commands in the processed text makes the agent vulnerable to indirect prompt injection attacks where documentation content influences agent behavior.
- [CREDENTIALS_UNSAFE]: The tool requires sensitive environment variables like DOCMOST_TOKEN or DOCMOST_PASSWORD for authentication. Exposure of these credentials could lead to unauthorized access to the Docmost workspace.
Audit Metadata