document-project
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted source code from the project directory to generate documentation content.\n
- Ingestion points: PHP files and composer.json are read using the Read, Glob, and Grep tools.\n
- Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present when interpolating file content into Notion templates.\n
- Capability inventory: The skill can execute bash commands and write to Notion pages via MCP tools.\n
- Sanitization: No validation or filtering of the scanned code is performed before it is processed by the AI.\n- [COMMAND_EXECUTION]: The skill uses restricted Bash commands such as 'ls', 'cat', and 'php artisan' to verify the project structure and extract version information. These operations are limited to informational tasks.\n- [DATA_EXFILTRATION]: The skill extracts technical data from the local project and transmits it to Notion. While this involves sending potentially sensitive source code metadata to a remote service, it is the primary function of the skill and targets a well-known technology service.
Audit Metadata