feature-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability surface detected. The skill's primary function is to read and analyze source code to generate documentation, creating a path for untrusted data to enter the agent's context.
- Ingestion points: Phase 1 (Feature Analysis) and Phase 3 (Verification) read arbitrary files in the workspace using
Read,Grep, andGlobtools. - Boundary markers: The prompt lacks instructions to distinguish between code-as-data and code-as-instructions, nor does it provide delimiters to encapsulate ingested file content.
- Capability inventory: The skill is granted
Bash,Write, andEditpermissions, providing an exploitation path if the agent follows instructions embedded within the analyzed files. - Sanitization: There is no logic provided to sanitize or filter natural language instructions found within code comments or string literals during the ingestion phases.
Audit Metadata