tech-writer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill has a significant attack surface because it is designed to process external, potentially attacker-controlled content.
- Ingestion points: Processes
git log -p,git diff,SPEC.md, and user-provided notes. - Boundary markers: No specific boundary markers or delimiters (e.g., XML tags or special tokens) are defined to separate untrusted data from instructions.
- Capability inventory: The skill produces technical articles and Mermaid diagrams. While it does not perform direct file-system writes or network requests, the output is intended for publication, creating a risk of 'Output Poisoning' or 'Downstream Influence'.
- Sanitization: No sanitization or filtering logic is specified for the ingested content. A malicious commit message or document comment could influence the AI's persona or cause it to leak information in the final article.
- [Data Exposure] (LOW): The skill encourages the processing of internal development logs and specifications.
- Evidence: Instructions explicitly ask for
git log -pandARCHITECTURE.mdas input. - Context: While necessary for technical writing, users should be aware that sensitive information (secrets, proprietary logic) within these files will be exposed to the LLM during processing.
Audit Metadata