md-docs
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to use shell commands such as
mv,ln,cp, andtestto organize documentation files, create symlinks for compatibility, and manage backups. These operations are restricted to the local project environment and are consistent with the skill's primary purpose. - [PROMPT_INJECTION]: The skill processes content from untrusted external files (e.g.,
package.json,README.md,pyproject.toml) to automatically generate or update documentation. This creates a surface for indirect prompt injection where malicious instructions embedded in project metadata could attempt to influence the agent's behavior. - Ingestion points: Workflow files
SKILL.md,references/init-agents.md,references/update-agents.md, andreferences/update-readme.mdspecify readingpackage.json,pyproject.toml,composer.json,README.md, and other project configuration files. - Boundary markers: None identified; instructions do not provide delimiters or specific warnings to ignore embedded commands within the ingested data.
- Capability inventory: The skill has the ability to write to documentation files (
AGENTS.md,README.md, etc.) and perform file system manipulations using shell commands (mv,cp,ln,ls,tree,cat). - Sanitization: No explicit sanitization or filtering of the content extracted from project files is described before it is processed by the agent.
Audit Metadata