doc-claude-md
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core documentation generation logic.
  - Ingestion points: The `scripts/init_docs.py` script reads and extracts data from project-level files including `package.json`, `pyproject.toml`, `Cargo.toml`, `go.mod`, and `README.md` (specifically via `detect_project_type` and `extract_readme_summary`).
  - Boundary markers: The generated `AGENTS.md` file, which is intended to serve as a primary instruction source for AI agents, incorporates this extracted content into markdown sections but fails to use specific security delimiters or 'ignore instructions' warnings around this untrusted content.
  - Capability inventory: The skill possesses the capability to modify project documentation (`CLAUDE.md`, `AGENTS.md`) and execute system commands (`tree`). Instructions promoted into `AGENTS.md` could potentially influence future agent actions in the project context.
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the content extracted from external project files before it is written into the documentation.
- [COMMAND_EXECUTION]: The skill executes the system `tree` command to generate directory structure visualizations.
  - Evidence: Found in `scripts/init_docs.py` and `scripts/validate_docs.py` using `subprocess.run` calls to the `tree` binary.
  - Context: The execution is performed safely using a list of arguments and the default `shell=False`, which prevents command injection from the path arguments. The execution is limited to a specific utility for documentation purposes.
Audit Metadata