ln-115-devops-docs-creator
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive local file paths including ~/.ssh/config and .env.example to extract infrastructure data and environment variable keys.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. Ingestion points: reads untrusted data from package.json, docker-compose.yml, and git logs. Capability inventory: writes documentation to the local filesystem (docs/project/). Sanitization and boundary markers: both are absent in the skill instructions for handling the interpolated project data.
- [EXTERNAL_DOWNLOADS]: Fetches shared assets and templates from the author's GitHub repository (levnikolaevich/claude-code-skills) when they are not found in the local environment.
Audit Metadata