technical-writer
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) because it ingests untrusted data from the codebase to generate documentation. Maliciously crafted content in the project files or git commit history could influence the documentation agents' output or behavior.
- Ingestion points: The scanner-agent reads git logs and file structures, while the concept-extractor-agent and staleness-checker-agent read source code contents and git diffs.
- Boundary markers: No explicit instructions for the agents to ignore or use delimiters for content extracted from the codebase were found in the prompts.
- Capability inventory: The skill has the capability to write files to the filesystem and execute git-related commands via the Bash tool.
- Sanitization: No specific validation or sanitization of codebase data is mentioned before it is interpolated into agent contexts.
- [COMMAND_EXECUTION]: The skill uses the Bash tool for repository management tasks such as running git log, git diff, and git tag. It also uses shell capabilities to save documentation artifacts to the project directory. These commands are within the expected scope of the skill's technical-writer purpose.
Audit Metadata