docs-to-skill

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is designed to ingest untrusted web content and transform it into agent instructions (SKILL.md). This is a primary vector for Indirect Prompt Injection. Evidence:
    • Ingestion points: Documentation URLs via crawler.
    • Capability inventory: Generates SKILL.md, scripts/quickstart.ts, and package.json.
    • Boundary markers: None present.
    • Sanitization: None present.
  • REMOTE_CODE_EXECUTION (HIGH): The skill generates and saves executable TypeScript files based on documentation patterns. Malicious documentation can influence these patterns to include harmful commands that execute when the skill or its generated scripts are invoked.
  • EXTERNAL_DOWNLOADS (HIGH): Automated scanners flagged 'client.do' as a phishing URL associated with the skill. The skill also performs automated crawling of external URLs, which could be exploited for SSRF or to trigger further malicious downloads.
  • DATA_EXFILTRATION (MEDIUM): The skill extracts environment variable signatures and generates .env.example files. This behavior could be subverted to exfiltrate actual secrets if an attacker-controlled doc influences the script generation to send data to an external endpoint.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:00 AM