product-context-docs
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads repository files to generate documentation, which represents an attack surface where malicious content in those files could influence agent behavior.
  - Ingestion points: README.md, existing documents in the docs/ directory, product briefs, and architecture/design notes.
  - Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the source files.
  - Capability inventory: The skill utilizes filesystem tools (Read, Glob, Grep, Write, Edit) to modify documentation within the repository.
  - Sanitization: Absent; the skill does not explicitly validate or sanitize content ingested from the repository before processing.
- [NO_CODE]: The skill does not include any executable scripts, binaries, or complex code logic; it consists entirely of Markdown instructions and templates.