documentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from the user's workspace without explicit isolation.
- Ingestion points: Untrusted source code and project documentation are ingested via
Read,Grep, andGlobtools (referenced in SKILL.md). - Boundary markers: Absent. There are no instructions defining delimiters or clear boundaries to distinguish between the agent's instructions and the content of the files being documented.
- Capability inventory: The agent has access to
Bash,Write, andEdittools, which could be leveraged if the agent inadvertently follows instructions embedded within the analyzed code. - Sanitization: No sanitization or filtering of ingested file content is specified.
Audit Metadata