maintaining-core-documentation
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The 'Technical Writer Skill Synergy' section of the skill directs the agent to download a third-party skill from an external repository located at https://github.com/shubhamsaboo/awesome-llm-apps.
- [COMMAND_EXECUTION]: The skill provides explicit shell commands for the agent to execute, such as 'npx skills ls -g' and 'npx skills add https://github.com/shubhamsaboo/awesome-llm-apps --skill technical-writer -g -y'. The inclusion of the '-y' flag is noteworthy as it automates the installation process without requiring further user intervention.
- [REMOTE_CODE_EXECUTION]: The instruction to download and install a third-party skill from a remote, unverified source and then leverage its capabilities constitutes a remote code execution vector.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because its primary function involves reading project codebase files which could contain malicious instructions designed to influence the agent's behavior during documentation generation.
- Ingestion points: The skill reads README.md, TODO.md, docs/DESIGN.md, docs/architecture-and-walkthrough.md, docs/testing.md, and deployment/README.md.
- Boundary markers: The instructions lack specific delimiters or directions to treat file content as untrusted data rather than executable instructions.
- Capability inventory: The agent has the authority to read/write files and execute arbitrary shell commands via npx.
- Sanitization: No sanitization or verification logic is implemented for the data retrieved from the codebase files.
Audit Metadata