update-skills-docs
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically executes multiple shell commands including
npm run skills:syncand a local script./scripts/push-skillsupon being loaded. These commands perform significant modifications to the local environment and are triggered without separate user verification.\n- [PROMPT_INJECTION]: The skill contains a directive for the agent to execute the analysis "immediately" and "without preamble" when loaded. This instruction attempts to override standard interaction safety protocols and force the agent into an autonomous mode of execution.\n- [PROMPT_INJECTION]: The skill processes untrusted input from git commit messages and file diffs to drive its documentation updates and script execution, creating a surface for indirect prompt injection.\n - Ingestion points: Git commit messages (
git log) and file diffs (git show) as specified in SKILL.md.\n - Boundary markers: Absent; the content is analyzed without protective delimiters or explicit instructions to ignore embedded commands.\n
- Capability inventory: File system modification,
git commit,git push, and execution of local shell and npm scripts (SKILL.md).\n - Sanitization: Absent; the agent is not instructed to validate or sanitize the content extracted from the git history before acting on it.\n- [DATA_EXFILTRATION]: The skill performs automated network operations via
git push. While intended for synchronization, this capability allows the transmission of repository data to a remote server without human review, which could be exploited if the automated process is compromised.
Audit Metadata