project-documentation
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides explicit instructions to install a third-party dependency 'technical-writer' from an external GitHub repository (
https://github.com/shubhamsaboo/awesome-llm-apps) using thenpx skills addcommand. This introduces a supply chain risk as the source is not an official or trusted vendor. - [COMMAND_EXECUTION]: The skill requires the execution of shell commands through the
npxutility to manage, list, and install agent skills within the environment. - [DATA_EXPOSURE]: To ensure technical accuracy, the agent is instructed to read internal project configuration files such as
*.tfvars,config.py, andpyproject.toml. This behavior grants the agent access to architectural metadata and environment-specific settings. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core functionality of reading and processing untrusted data.
- Ingestion points: Processes content from
README.md,TODO.md,DESIGN.md,architecture-and-walkthrough.md,testing.md, and various code configuration files. - Boundary markers: Absent. The instructions do not employ delimiters or ignore-instructions wrappers when the agent reads external file content.
- Capability inventory: The agent possesses the capability to modify the local filesystem (writing documentation) and execute shell commands via the
skillstoolset. - Sanitization: Absent. No logic is defined to validate or sanitize external content before it is incorporated into documentation or used to inform agent decisions.
Audit Metadata