skill-doc-generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes untrusted SKILL.md files and interpolates their content into generated READMEs. Malicious instructions in analyzed files could persist in output documentation.
  - Ingestion points: scripts/analyze_skill.py reads SKILL.md files.
  - Boundary markers: Absent; text is directly placed in markdown templates.
  - Capability inventory: File writing in scripts/document_directory.py and scripts/generate_readme.py.
  - Sanitization: Absent for markdown content.
- Dynamic Execution (LOW): The skill uses yaml.safe_load() in scripts/analyze_skill.py, preventing RCE through unsafe deserialization of YAML data.
- Metadata Poisoning (LOW): README.md references the inclusion of __pycache__ files. Distributing compiled bytecode is poor practice and can be used to hide malicious logic.