code-documentation-doc-generate

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill's core function is to "Extract information from code, configs, and comments." This creates a major vulnerability where an attacker can embed malicious instructions within code comments or configuration files. Because the agent parses this data to generate documentation and CI configurations, it could be tricked into executing unauthorized actions or leaking information through the generated artifacts.
  • Command Execution & Workflow Modification (MEDIUM): The instructions direct the agent to "Add automation (linting, CI) and validate accuracy." Modifying CI/CD pipelines or build scripts is a high-privilege activity. If combined with an indirect prompt injection attack, the agent could be manipulated into inserting malicious steps (e.g., data exfiltration or credential harvesting) into the project's automation suite.
  • Data Exposure (LOW): Although the skill includes a safety warning against exposing secrets, its operational requirement to read "configs" and "comments" inherently involves access to potentially sensitive internal data. Without strict sanitization or boundary markers, there is a risk that internal URLs or architectural secrets could be included in the public-facing documentation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:32 AM