doc-sync-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill's workflow exposes an 'Indirect Prompt Injection' attack surface (Category 8).
- Ingestion points: The skill explicitly prompts the agent to process external, potentially untrusted content including 'file content' (SKILL.md:65), 'validation schemas' (SKILL.md:87), and 'git commits' (SKILL.md:144).
- Boundary markers: It uses standard markdown triple-backticks as delimiters, which are insufficient to prevent an attacker from 'breaking out' of the data context using their own backticks.
- Capability inventory: The agent is given instructions to perform file-write operations, including updating JSDoc in source files (SKILL.md:60), updating README files (SKILL.md:113), and writing to CHANGELOG.md (SKILL.md:141).
- Sanitization: There is no evidence of sanitization, escaping, or explicit instructions for the agent to ignore natural language instructions found within the source code or commits being processed.
- EXTERNAL_DOWNLOADS (LOW): The skill recommends several external node packages for verification and automation (SKILL.md:213-221).
- Packages: markdown-link-check, @redocly/cli, and ts-node are recommended via npx.
- Trust Status: These are generally well-known community tools, but using npx without pinned versions or hashes carries a minor risk of dependency confusion or supply chain compromise.
Recommendations
- AI detected serious security threats
Audit Metadata