project-bootstrap
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the doc-detective-resolver package via NPM and executes the doc-detective CLI using npx. It also references the official docdetective/doc-detective Docker image. These resources originate from the skill vendor.
- [COMMAND_EXECUTION]: The skill invokes several commands including doc-detective run, docker run, and a Node.js script fix-tests.js from the doc-testing skill. These executions are intended for initializing and maintaining documentation tests.
- [PROMPT_INJECTION]: The skill processes untrusted documentation content, which presents a surface for indirect prompt injection.
  1. Ingestion points: Documentation files are read into variables during Phase 3 and Phase 5.
  2. Boundary markers: LLM prompts utilize triple-dash delimiters to separate documentation content.
  3. Capability inventory: The skill can execute shell commands (runShell action), modify configuration files, and perform inline test injection into source files.
  4. Sanitization: No explicit sanitization or validation of the ingested documentation content is performed beyond the use of delimiters in prompts.
Audit Metadata