review-doc-consistency
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The checklist in
checklist.md(Section 5) instructs the agent to verify if build commands, test commands, and 'Quick Start' steps execute successfully. This requires the agent to run arbitrary scripts and commands found in the documentation of the project being reviewed. As the source documentation is untrusted external data, this is equivalent to executing untrusted code. This finding is downgraded from HIGH to MEDIUM as it is associated with the intended primary purpose of the skill. - [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process documentation and code files, which creates a surface for indirect prompt injection if the files contain malicious instructions.
- Ingestion points: README.md, docs/**/*.md, and contract files (OpenAPI/proto/GraphQL/TS).
- Boundary markers: Absent; no specific instructions are given to the agent to treat documentation content as untrusted data or to use delimiters.
- Capability inventory: The skill has the capability to read local files and execute shell commands (as noted in the RCE finding).
- Sanitization: None; the instructions do not mention sanitizing or validating the contents of the files before processing or execution.
- [Metadata Poisoning] (SAFE): The metadata fields (name, description) accurately reflect the skill's functionality and do not contain deceptive instructions.
Audit Metadata