compound-docs
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to perform local file system operations, such as creating directories withmkdirand searching existing documentation withgrep. It also executes a provided validation script (scripts/validate-frontmatter.sh) to ensure metadata consistency. These commands are executed locally and operate on paths managed by the skill. - [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection because it reads untrusted conversation history to populate documentation fields.
- Ingestion points: Extracts problem details (module, symptom, root cause, solution) from the conversation context in Step 2 of
references/documentation-process.md. - Boundary markers: Not explicitly defined in the file-writing process to separate user data from documentation structure.
- Capability inventory: Includes the
Writetool for file creation and theBashtool for directory management and validation. - Sanitization: Mitigated by strict filename sanitization (Step 4) and a comprehensive YAML schema with enum-validated fields (Step 5 and
schema.yaml), ensuring that processed content adheres to expected formats.
Audit Metadata