docusaurus-config-setup

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to automate technical documentation setup by reading and writing files, while also having access to the 'Bash' tool. This creates a high-risk surface for indirect prompt injection.
      • Ingestion points: Local project files, existing Docusaurus configurations, and documentation content (SKILL.md).
      • Boundary markers: Absent. There are no instructions to the agent on how to distinguish between configuration data and malicious instructions.
      • Capability inventory: 'Bash', 'Write', 'Edit', 'Read', 'Grep' (SKILL.md).
      • Sanitization: Absent. The skill instructions do not mandate validation or sanitization of ingested content before passing it to the shell or writing to disk.
  • Command Execution (HIGH): The skill explicitly requests the 'Bash' tool. When combined with the automated trigger and the ability to read project files, this allows for arbitrary command execution if the agent is influenced by malicious data within the processed documentation workspace.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:16 AM