library-docs-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes
gh(GitHub CLI) andgitfor repository discovery, metadata queries, and cloning. These are standard operations for a documentation research utility. - EXTERNAL_DOWNLOADS (LOW): Content is downloaded from external GitHub repositories to provide context for the skill generation process.
- PROMPT_INJECTION (LOW): There is a potential for Indirect Prompt Injection (Category 8) because the skill incorporates untrusted data from external repositories into its output. • Ingestion points:
llms.txt,README.md, and directory structures fetched via GitHub API and git. • Boundary markers: Absent; external content is placed into placeholders without delimiters or instructions to ignore embedded commands. • Capability inventory: File-writing to the.claude/skills/directory and execution of CLI tools. • Sanitization: No validation or sanitization is performed on the ingested markdown strings before they are incorporated into the generated skill.
Audit Metadata