Skills
skills/famaoai-creator/gemini-skills/doc-sync-sentinel/Gen Agent Trust Hub

doc-sync-sentinel

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCREDENTIALS_UNSAFENO_CODE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill analyzes untrusted external content (source code, commits, and comments) and possesses write capabilities (proposing PRs). This creates a high-risk surface where an attacker could embed instructions in code to manipulate the agent's output or actions. Evidence: SKILL.md 'Capabilities' section.
  • [Credentials Unsafe] (HIGH): The skill's 'Knowledge Protocol' states it integrates confidential/personal tiers and 'prioritizes the most specific secrets'. Documentation tools should not interact with secrets, making this a significant data exposure risk. Evidence: SKILL.md 'Knowledge Protocol'.
  • [No Code] (MEDIUM): The primary execution logic 'scripts/check.cjs' is missing from the provided files, preventing a full audit of the skill's runtime behavior. Evidence: package.json 'main' field.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:19 PM