project-docs

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted external codebase content (source code, config files) to generate documentation. Malicious instructions hidden in comments or code within a project could theoretically influence the agent's behavior during the documentation process.
      • Ingestion points: Workflow instructions specify reading source files (src/*), configuration files (package.json, wrangler.jsonc), and database schemas (e.g., schema.ts) from the user's project.
      • Boundary markers: There are no defined delimiters or explicit "ignore embedded instructions" directives for the data ingested during the scanning phase.
      • Capability inventory: The skill possesses powerful capabilities including Bash, Write, Edit, and Read tools, which increases the impact surface if the agent were to follow instructions embedded in project files.
      • Sanitization: The instructions do not define any validation, escaping, or filtering logic for the content read from the codebase.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool for directory scanning and technology stack detection (e.g., checking for the presence of wrangler.toml or vite.config.ts). These operations are used for local environment analysis and are consistent with the skill's stated purpose, presenting minimal risk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 03:04 AM