tasks-documentation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is intended to read and process source code to generate documentation, creating a significant attack surface for instructions embedded in data.
  - Ingestion points: Uses Read, Grep, and Glob tools to ingest untrusted source code and comments.
  - Boundary markers: No instructions are provided to the agent to distinguish between code to be documented and potential instructions embedded within that code.
  - Capability inventory: Possesses Bash, Write, and Edit tools, allowing for arbitrary command execution and file system modification if an injection is successful.
  - Sanitization: No sanitization or validation of the ingested content is performed before processing.
- [Command Execution] (MEDIUM): The inclusion of the Bash tool is excessive for a documentation skill. This significantly escalates the potential impact of any prompt injection attack, as the agent can be coerced into executing shell commands in the host environment.
Recommendations
- AI detected serious security threats
Audit Metadata