skills/jeremylongshore/claude-code-plugins-plus-skills/sdk-documentation-generator/Gen Agent Trust Hub
sdk-documentation-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill's primary function is to ingest external SDK code/content, and it lacks boundary markers or sanitization instructions. Given its 'Write' and 'Bash' capabilities, malicious instructions hidden in processed code could lead to unauthorized file modifications or command execution.
  - Ingestion points: Implicitly reads SDK source files and API definitions.
  - Boundary markers: None specified in the SKILL.md.
  - Capability inventory: Access to 'Bash', 'Write', 'Edit', 'Read', and 'Grep'.
  - Sanitization: No sanitization or validation of the input data is mentioned.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly requests the 'Bash' tool. While no malicious commands are hardcoded, providing a documentation generator with shell access significantly increases the attack surface for code-based injections.
- [NO_CODE] (SAFE): No external Python/Node.js packages or remote scripts are referenced in the analyzed file.
Recommendations
- AI detected serious security threats