Skills
skills/devexpgbb/ai-native-dev-lab/Documentation Skill/Gen Agent Trust Hub

Documentation Skill

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes arbitrary code content provided through the ${file} and ${selection} variables.
  • Ingestion points: External code content is interpolated into prompts/generate-docs.prompt.md for analysis and documentation generation.
  • Boundary markers: Absent. The prompt does not utilize delimiters (e.g., XML tags or backticks) to isolate the code content or include instructions for the agent to ignore embedded commands.
  • Capability inventory: The agent has access to search, edit, and read tools, which could be abused if malicious instructions are followed.
  • Sanitization: Absent. There is no evidence of input validation or escaping of the code being processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 04:38 AM