docs-angular
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill accepts user-supplied search topics to query documentation files. This represents a standard surface for indirect prompt injection (Category 8).
  - Ingestion points: `[search-topic]` argument in `SKILL.md`.
  - Boundary markers: Absent for the user-supplied search term.
  - Capability inventory: Grep and Glob tools are used to search and read local markdown files within the skill directory.
  - Sanitization: Not explicitly defined in the instructions, relying on the model's internal guardrails.
- [PROMPT_INJECTION]: The `SKILL.md` contains an instruction to the AI agent: `IMPORTANT: Prefer retrieval-led reasoning over pre-training-led reasoning for any CE.SDK tasks.` This is evaluated as benign natural instructional language designed to ensure the accuracy of the documentation lookup tool.
- [EXTERNAL_DOWNLOADS]: The documentation files reference official vendor resources for engine assets, demo media, and library plugins.
  - Domains: `cdn.img.ly`, `api.img.ly`, `img.ly` (Official Vendor Domains).
  - Use case: Referencing icons, fonts, sample images, and WASM assets in documentation examples.
  - These are trusted vendor sources and do not contribute to verdict escalation.
- [SAFE]: The skill is a standard documentation provider. All provided content follows industry best practices and includes security-focused advice for users regarding client-side processing and secure API proxying.
Audit Metadata