technical-doc-creator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection (Category 8) due to its core workflow of processing external content without safeguards.
  - Ingestion points: Workflow in SKILL.md extracts endpoints, parameters, and code from untrusted sources.
  - Boundary markers: Absent; there are no delimiters or instructions for the agent to ignore commands within the source data.
  - Capability inventory: The skill possesses file write capabilities, specifically creating `[system]-docs.html` on the local disk.
  - Sanitization: Absent; the skill lacks logic to escape HTML or filter extracted content before interpolation into the template.
- [COMMAND_EXECUTION] (MEDIUM): The skill performs automated filesystem write operations. While necessary for documentation generation, the lack of input validation means an attacker could potentially influence the file content or path via the extracted metadata.
Recommendations
- AI detected serious security threats
Audit Metadata