documentation-extraction
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function is to process and act upon untrusted external data sources.
- Ingestion points: Project documentation including README files, API documentation, technical specifications, and configuration files (e.g.,
.env,package.json,config.yaml) as defined inSKILL.md. - Boundary markers: Absent. The skill lacks instructions for the agent to use delimiters or to treat code blocks/commands within external documents as untrusted content.
- Capability inventory: The instructions explicitly direct the agent to "test documented commands and examples" and "run documented examples", which effectively bridges external data to command execution capabilities.
- Sanitization: Absent. There are no mechanisms described for validating, escaping, or filtering content extracted from documentation before the agent attempts to execute or interpret it.
Audit Metadata