ln-100-documents-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from legacy documentation files.
    • Ingestion points: Phase 0.1 (Legacy Detection) and Phase 4.1 (Duplicate Scan) read existing project files such as README.md, ARCHITECTURE.md, and documentation/**/*.md using the Glob and Read tools.
    • Boundary markers: There are no explicit markers or instructions provided to the agent to disregard embedded commands or instructions within the legacy content during extraction or injection.
    • Capability inventory: The skill utilizes the Skill tool for sub-skill invocation, the Edit tool for writing/modifying files, and the Delete tool for removing files.
    • Sanitization: The skill lacks sanitization or validation of the extracted content before it is merged into the contextStore or written to new documentation files.
  • [COMMAND_EXECUTION]: The orchestrator performs high-privilege file system operations and automated tool invocations.
    • File Deletion: Phase 0.6 explicitly instructs the agent to delete standalone legacy files (e.g., ARCHITECTURE.md) after they are migrated to the new structure.
    • Automated Skill Invocation: Phase 2 uses the Skill tool to automatically trigger a sequence of five other skills (ln-110 to ln-150) without individual per-step user approval after the initial confirmation.
    • Mass File Modification: Phase 3 (Global Cleanup) uses the Edit tool to modify all discovered .md files in the docs/ directory to remove duplicates and fix links.
  • [DATA_EXFILTRATION]: The skill exposes sensitive architectural and configuration data to the agent context.
    • Metadata Extraction: The references/legacy_detection_patterns.md file defines patterns to scan for and extract details about API endpoints, authentication methods, database schemas, infrastructure specs (IPs, hostnames), and environment variables (env_vars). While this is intended for documentation, it brings sensitive system metadata into the LLM processing environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 02:59 PM