skills/jeremylongshore/claude-code-plugins-plus-skills/documenso-core-workflow-a/Gen Agent Trust Hub
documenso-core-workflow-a
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local files using 'fs.readFileSync' and 'node:fs.openAsBlob' and transmits their content to the Documenso service at 'app.documenso.com'. This data flow is expected for the skill's primary purpose of electronic document signing.\n- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by ingesting untrusted data—specifically recipient names, emails, and file paths—which are then interpolated into API calls and file system operations.\n
- Ingestion points: Parameters for document creation and recipient management functions located in 'SKILL.md' and 'references/implementation-guide.md'.\n
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the code examples.\n
- Capability inventory: The skill possesses capabilities for local file reading and external network requests to 'app.documenso.com'.\n
- Sanitization: There is no evidence of input validation, sanitization, or escaping of external content before it is processed by the agent.
Audit Metadata