doc-writer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection via the PRD file. * Ingestion points: The skill reads docs/prd.md as its primary source of truth for all documentation tasks. * Boundary markers: Absent. There are no instructions or delimiters designed to isolate the PRD content from the agent's core logic or to warn the agent about potential instructions inside that file. * Capability inventory: The agent is given instructions to write and modify files within the docs/ directory based on the ingested content. * Sanitization: Absent. The agent is encouraged to directly reflect and extract information from the PRD into new files. * Risk: A compromised PRD file could contain malicious instructions that the agent might follow while generating documentation, potentially leading to the inclusion of harmful links or incorrect technical information in the project repository.
Audit Metadata