docs-init
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and summarize codebase content which constitutes untrusted data. \n
- Ingestion Points: Scout agents read files from the local filesystem based on
ls -laresults. \n - Boundary Markers: Absent; there are no instructions to the agents to ignore embedded commands or instructions within the source code being analyzed. \n
- Capability Inventory: The skill can spawn sub-agents (Task tool) and write/update multiple files (docs/ directory and README.md). \n
- Sanitization: Absent; external content is processed and used to influence the documentation manager without filtering.\n- Command Execution (LOW): Executes
ls -lato identify the project structure, which is a necessary but low-risk administrative command in this context.
Recommendations
- AI detected serious security threats
Audit Metadata