docs
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted external data. Evidence chain:
  1. Ingestion points: analytics tools, issue trackers, support channels, and codebase content (references/research.md, references/sync.md).
  2. Boundary markers: Global rules 8 (path containment) and 9 (secret prevention) provide directory and secret protection but do not provide content-level delimiters for external data.
  3. Capability inventory: The skill has extensive file system write/delete capabilities and the power to implement code changes (references/work.md, references/sync.md).
  4. Sanitization: No specific logic is defined for sanitizing or filtering instructions from external content.
- [COMMAND_EXECUTION]: The README.md file contains an installation command using npx to fetch code from a remote repository (donutdaniel/agent-skills). While standard for skill installation, users should ensure the source is trusted before execution.
Audit Metadata