docs-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): Instructional keywords such as 'MANDATORY', 'CRITICAL', and 'IMPORTANT' are used to define output formatting and tool orchestration for documentation reviews. They do not attempt to bypass agent safety filters or override core system behavior.
- [Indirect Prompt Injection] (SAFE): The skill possesses a surface for indirect prompt injection because it processes untrusted documentation data. 1. Ingestion points: Markdown files and PR diffs are read using 'Read' and 'mcp__github__get_pull_request_diff'. 2. Boundary markers: No delimiters or ignore instructions are specified for the ingested content. 3. Capability inventory: The skill has access to 'Bash' and can write comments to GitHub PRs. 4. Sanitization: No sanitization of the input documentation is performed. The risk is considered acceptable given the primary purpose of the skill.
- [Data Exposure & Exfiltration] (SAFE): The skill interacts with the local filesystem and GitHub to perform documentation reviews. It does not access sensitive system paths (e.g., ~/.ssh) or exfiltrate data to unauthorized domains.
- [Unverifiable Dependencies] (SAFE): No external package managers or remote script executions (e.g., curl to bash) are used by this skill.
Audit Metadata