docs-applies-to-tagging
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches syntax rules and tagging guidelines from official Elastic repositories and websites (elastic.github.io and elastic.co). These resources are authoritative for the skill's specific purpose.\n- [PROMPT_INJECTION]: The skill processes user-provided markdown files and external documentation to perform its validation tasks. This ingestion of external data without explicit boundary markers or sanitization logic creates a surface for indirect prompt injection.\n
- Ingestion points: Local .md files accessed via Glob/Read tools and external documentation via WebFetch.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined.\n
- Capability inventory: The agent can read files, write changes (Edit), and perform network requests (WebFetch).\n
- Sanitization: No validation or sanitization of the ingested content is specified.
Audit Metadata