context-first
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes a local shell script find-docs.sh to search the file system. While the script uses double-quotes for the keyword variable, it remains a mechanism for local file interaction that could be abused for resource consumption or unexpected grep behavior if the agent is misled.
- [DATA_EXPOSURE] (LOW): The file feature-mapping.md contains a hardcoded absolute path (/Users/fugen/codes/happy/docs/), which exposes the system's username and internal directory structure to the AI and potentially to logs.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection.
  - Ingestion points: Untrusted data enters the agent context through the reading of markdown files in the docs/ directory.
  - Boundary markers: None identified; documentation content is processed without clear delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The agent has the capability to execute shell scripts and perform code implementation tasks.
  - Sanitization: No sanitization or validation is performed on the content of the documentation before it is summarized and used to inform actions.
Audit Metadata