document-lifecycle
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs agents to use shell commands (
mkdir -p,mv,cat, andecho) for document lifecycle management. - Evidence:
SKILL.mdandclose-procedure.mdprovide bash snippets for creating directories and moving files toclosed/subfolders. - Context: These operations are restricted to the
agent-output/directory and are part of the intended administrative functionality (archiving documents). - [INDIRECT_PROMPT_INJECTION] (INFO): The skill processes document headers which could theoretically contain instructions if a malicious document were introduced.
- Ingestion points: Agents read the
Statusfield in YAML headers withinagent-output/files. - Boundary markers: YAML frontmatter markers (
---) are specified. - Capability inventory: File movement (
mv), directory creation (mkdir), and ID incrementing. - Sanitization: No explicit sanitization of the
Statusfield is mentioned, but the risk is negligible as the values are checked against a static list of terminal statuses.
Audit Metadata