ln-160-docs-skill-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external documentation files which present a surface for Indirect Prompt Injection. If these files contain malicious instructions disguised as procedural steps, they could be extracted into commands. This risk is effectively mitigated by the Phase 3 User Approval Gate and Phase 5 Reviewer Agent. Ingestion points: project docs. Capability inventory: skill creation. Sanitization: human and automated gates.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized exfiltration behaviors were detected. Vendor resources (ln-161, ln-162) are used as intended for worker delegation.
Audit Metadata