docs-search
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The installation instructions involve cloning 'https://github.com/23blocks-OS/ai-maestro-plugins.git'. This repository is not from a trusted organization, posing a risk of malicious content.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the user or agent to execute 'install-doc-tools.sh' from the cloned repository. Running shell scripts from unverified sources allows for arbitrary command execution.
- [PROMPT_INJECTION] (LOW): This skill provides a surface for indirect prompt injection. Evidence: 1. Ingestion points: 'docs-index.sh' reads source code comments (JSDoc, docstrings) and READMEs. 2. Boundary markers: No delimiters or instruction-ignore warnings are present in the documentation searching/indexing commands. 3. Capability inventory: The skill is intended to inform the agent's implementation phase ('Search docs -> Then implement'), giving the indexed data influence over subsequent code generation actions. 4. Sanitization: There is no evidence of sanitization for the documentation content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata