Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/documenso-incident-runbook/Gen Agent Trust Hub

documenso-incident-runbook

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches service status information from Documenso's official status page.\n
  • Evidence: Uses curl to access https://status.documenso.com/api/v2/status.json for health diagnostics in SKILL.md.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it processes external API data and infrastructure logs.\n
  • Ingestion points: Data enters the agent context through curl responses and log retrieval via kubectl logs and docker logs in SKILL.md and references/implementation-guide.md.\n
  • Boundary markers: No markers are present to separate untrusted data from the agent's instructions.\n
  • Capability inventory: The agent has access to Bash for performing network requests and modifying cluster configurations.\n
  • Sanitization: The skill does not sanitize log content or API data before processing.\n- [COMMAND_EXECUTION]: Employs administrative tools to diagnose and mitigate service issues.\n
  • Evidence: Uses kubectl set env and docker exec to manage application state and inspect containers in references/implementation-guide.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 11:01 AM