docs-write
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its core function of processing external data and its available capabilities.
- Ingestion points: The skill reads untrusted data from code changes, PR descriptions, review feedback, database schemas, and UI mockups (via 'look_at').
- Boundary markers: There are no boundary markers or instructions to the agent to disregard embedded instructions within the ingested data.
- Capability inventory: The skill is capable of modifying files (writing documentation) and executing a shell script ('bash skills/docs-check/scripts/check-docs.sh').
- Sanitization: No sanitization or validation of the external content is performed before it is used to influence agent actions.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly instructs the agent to execute a local bash script for verification.
- Evidence: Step 9 of the workflow directs the execution of 'bash skills/docs-check/scripts/check-docs.sh'.
- Risk: While the script is local to the skill set, executing code in the same context where potentially malicious external documentation has been generated increases the risk of execution-flow manipulation.
Recommendations
- AI detected serious security threats