documentation-research
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): The skill uses authoritative language to enforce a documentation-first workflow but does not contain commands to ignore safety filters, reveal system prompts, or bypass AI constraints.
- EXTERNAL_DOWNLOADS (SAFE): No external scripts, binaries, or software packages are referenced for download or installation.
- REMOTE_CODE_EXECUTION (SAFE): There are no shell commands, system calls, or dynamic execution patterns present in the file.
- DATA_EXFILTRATION (SAFE): The skill does not access sensitive local file systems or attempt to transmit data to external servers.
- INDIRECT_PROMPT_INJECTION (LOW): The skill creates an ingestion surface for untrusted data by instructing the agent to use
WebSearchandWebFetchfor documentation. - Ingestion points: External content retrieved via
WebSearch/WebFetch(referenced in SKILL.md). - Boundary markers: None present; the skill lacks specific delimiters to separate untrusted documentation content from instructions.
- Capability inventory: The skill itself has no execution capabilities (it is markdown only); however, it is designed to influence the agent's reasoning during subsequent code implementation tasks.
- Sanitization: None specified.
- Risk Assessment: While this represents an attack surface (malicious docs could contain instructions), the risk is minimal as the skill targets reputable official documentation sources and focuses on 'Display only' capabilities within the scope of this file.
Audit Metadata