dokumentera
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to ingest and process untrusted data from the local codebase (source code, existing documentation files, and git history).
  - Ingestion points: Where untrusted data enters agent context: `SKILL.md` (Step 1: Explore) and Update-and-verify mode (Step 1: Discover) read various files including source code, manifests, and existing documentation.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or system-level instructions to ignore embedded commands within the files being read.
  - Capability inventory: The skill is capable of reading project files, writing to the file system (standard documentation artifacts), and executing shell commands (`git log`, `git mv`).
  - Sanitization: Absent. There is no explicit requirement to sanitize or escape data read from the project files before re-incorporating it into documentation drafts.
- [COMMAND_EXECUTION]: The skill instructions include the execution of standard version control commands (`git log`, `git mv`) to inspect project history and perform documentation restructuring. These operations are within the expected scope of a documentation management tool.
Audit Metadata