update-docs

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW
Full Analysis

The update-docs skill was analyzed for potential security threats across all 9 categories. The skill primarily describes a multi-agent workflow for updating project documentation and includes several bash commands for local file system operations.

  1. Prompt Injection: No patterns indicative of prompt injection were found. The skill's instructions are clear and do not attempt to override the AI's core safety guidelines or role.

  2. Data Exfiltration: The skill uses find, grep, git status, and git show commands. These are standard local file system and version control operations. No curl, wget, or similar network commands were found that could exfiltrate sensitive data to external domains. There is no access to sensitive file paths like ~/.aws/credentials or ~/.ssh/id_rsa.

  3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in the skill's content.

  4. Unverifiable Dependencies: The skill references internal components like @/plugins/sdd/agents/tech-writer.md, Context7 MCP, and various AI models (Haiku, Sonnet, Opus). It does not attempt to install or fetch external, unverified dependencies from untrusted sources.

  5. Privilege Escalation: No commands such as sudo, doas, chmod +x, chmod 777, or attempts to modify system files (/etc/) or install services were found.

  6. Persistence Mechanisms: No commands were found that would establish persistence, such as modifying shell configuration files (.bashrc), creating cron jobs, or altering SSH authorized keys.

  7. Metadata Poisoning: The name and description fields are benign and accurately reflect the skill's purpose.

  8. Indirect Prompt Injection: The skill is designed to analyze and process external content, specifically local code changes (git diff) and existing documentation. As with any skill that processes user-provided or external text, there is an inherent, low risk of indirect prompt injection if the input content itself contains malicious instructions. However, the skill itself does not introduce specific vulnerabilities in this area; it's a general characteristic of its function.

  9. Time-Delayed / Conditional Attacks: The skill uses conditional logic (e.g., "If there are 3+ changed files...", "If no uncommitted changes...") to guide its workflow. These conditions are benign and operational, not indicative of malicious time-delayed or environment-specific triggers.

Overall, the skill is well-defined, uses safe commands, and does not exhibit any malicious patterns.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 07:45 AM