meta-docs
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's core functionality involves processing documentation files from the
docs/directory, which introduces a surface for indirect prompt injection where instructions hidden within managed documents could potentially influence the agent's behavior. * Ingestion points: Document files are read from the local file system bydoc_manager.py. * Boundary markers: The skill utilizes---delimiters to separate YAML frontmatter from document bodies. * Capability inventory: The script performs file read/write operations and executesgit configvia subprocess for metadata management. * Sanitization: Employs theruamel.yamllibrary for structured metadata parsing. - [EXTERNAL_DOWNLOADS]: The skill provides instructions to fetch and execute an installation script for the
uvpackage manager from Astral's official domain. - [COMMAND_EXECUTION]: The
doc_manager.pyscript invokes thegit configcommand to automatically retrieve the local user's name and email for document history and metadata updates.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata