doc-update
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `git log`, `git branch`, and `grep` to gather information about the project's state. These are read-only operations for context discovery and do not involve high-risk commands or privilege escalation.
- [SAFE]: A critical safeguard is implemented in Step 7, which requires explicit user approval ('Czy zatwierdzić te zmiany w dokumentacji?') before the agent is permitted to stage or commit changes to the repository. This prevents unauthorized or autonomous modifications to the project's source or documentation.
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection as it ingests and processes existing markdown files and git logs from the repository.
  - Ingestion points: Reads project documentation (`.md` files), `PROGRESS_TRACKER.md`, and `CLAUDE.md`.
  - Boundary markers: Not explicitly defined for the read operations, though the skill is designed to condense and remove content rather than interpret instructions within the text.
  - Capability inventory: Accesses file system (read/write), project metadata (`git`), and search utilities (`grep`, `glob`).
  - Sanitization: No specific text sanitization is mentioned, but the mandatory user review of the final output acts as a primary control mechanism.
Audit Metadata