repo-docs
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions to persistently influence the agent's behavior by modifying the repository's
AGENTS.mdfile to include a directive to always use this skill. It also permits the agent to create documentation files without user consent if asking is deemed 'not practical.' These are functional features for autonomous documentation management and do not bypass core safety guardrails. - [COMMAND_EXECUTION]: The skill invokes an external audit command
/repo-docs-auditduring the task closeout phase. This is used for validating documentation sync and does not appear to involve arbitrary shell injection or untrusted execution. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because it is designed to read and follow instructions contained within documentation files that may be modified by third parties in a repository environment.
- Ingestion points: The agent is instructed to read instructions and metadata from
AGENTS.md,/docs/WORK_IN_PROGRESS.md, and various plan and specification files (SKILL.md). - Boundary markers: No explicit delimiters or security markers are specified to separate documentation data from agent instructions.
- Capability inventory: The skill has capabilities to write files to the repository and execute the
/repo-docs-auditvalidation tool. - Sanitization: There are no logic gates or sanitization steps defined for the content processed from external documentation files.
Audit Metadata