docs-write
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external content (documentation files) and possesses high-privilege capabilities (Bash execution and file writing), creating an attack surface where malicious instructions in documentation could influence agent behavior.
- Ingestion points: Documentation files (.md, .mdx) read via Read or Glob tools as described in the skill's purpose.
- Boundary markers: Absent; instructions do not specify delimiters or 'ignore embedded instructions' warnings for external content.
- Capability inventory: Bash, Write, Read, Grep, Glob tools are explicitly allowed in the skill's YAML frontmatter.
- Sanitization: Absent; no validation or filtering of content is defined before processing or passing to tools.
- [Command Execution] (HIGH): The skill explicitly permits the use of the Bash tool and instructs the agent to run 'yarn prettier --write '. While intended for formatting, the unrestricted Bash capability paired with untrusted input processing allows for arbitrary command execution.
Recommendations
- AI detected serious security threats
Audit Metadata