vitepress-migration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection through untrusted data ingestion.
  - Ingestion points: The skill processes all Markdown documents within a user-provided `<source-dir>` during the normalization and cleanup phases (Step 2 and Step 7).
  - Boundary markers: Absent. There are no delimiters or instructions provided to isolate untrusted file content from the agent's logic.
  - Capability inventory: The agent is instructed to execute Python scripts (`scripts/detect_issues.py`, `scripts/cleanup.py`) and NPM commands (`npm run docs:dev`), creating a path for malicious content to influence execution.
  - Sanitization: Absent. No validation or escaping is performed on the documentation content before it is processed by the agent or passed to shell commands.
- [COMMAND_EXECUTION] (MEDIUM): The skill directs the agent to execute shell commands and local Python scripts. The logic within `scripts/detect_issues.py` and `scripts/cleanup.py` is opaque and unverifiable as the script contents were not provided for analysis.
Recommendations
- AI detected serious security threats
Audit Metadata