docs-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to fetch documentation from official domains including tailwindcss.com, rubyonrails.org, and docs.reducto.ai. These operations are consistent with the skill's primary research purpose.
- [COMMAND_EXECUTION]: The skill utilizes the `bundle show` command to locate installed Ruby gems for source code inspection, which is a routine local developer operation.
- [PROMPT_INJECTION]: As the skill ingests content from external websites, it possesses an attack surface for indirect prompt injection.
  - Ingestion points: Content retrieved from documentation URLs via WebFetch.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation templates.
  - Capability inventory: Local shell command execution (`bundle show`) and web fetching capabilities.
  - Sanitization: No sanitization or validation of the fetched external documentation content is specified.
Audit Metadata