docs-workflow
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill's maintenance logic in commands/docs-claude.md and commands/docs-update.md specifies reading sensitive configuration files including .env and .env.local. This capability allows the agent to access potentially sensitive environment variable values, which poses a data exposure risk if the agent's behavior is manipulated into including secrets in documentation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it incorporates untrusted data from project files into its documentation templates without sanitization. Ingestion points: Reads package.json (name, description), wrangler.jsonc, and various project markdown files. Boundary markers: Uses {{PLACEHOLDER}} tags but lacks instructions to treat these as untrusted or ignore embedded commands. Capability inventory: Includes file system write operations and network connectivity via the npm CLI. Sanitization: No sanitization of the content being interpolated into documentation files is performed.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the official npm registry using the npm view command to verify package versions. This is a legitimate documentation task targeting a well-known service.
Audit Metadata