doc-claude-md
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by incorporating untrusted data from the local project (e.g., project descriptions from 'package.json' or 'README.md') into the generated 'AGENTS.md' file, which is used to guide agent behavior.\n
- Ingestion points: 'scripts/init_docs.py' reads project names, descriptions, and scripts from 'package.json', 'pyproject.toml', 'Cargo.toml', and 'README.md'.\n
- Boundary markers: The generated documentation uses standard Markdown headers but lacks specific instructions or delimiters to isolate the untrusted content from the agent's core instructions.\n
- Capability inventory: The skill has the capability to execute system commands ('tree') and perform file write operations to create documentation.\n
- Sanitization: There is no sanitization or validation performed on the extracted metadata before it is written to the documentation files.\n- [COMMAND_EXECUTION]: The skill executes the system 'tree' command via 'subprocess.run' to generate repository structure visualizations.\n
- Implementation: This is performed in 'scripts/init_docs.py' and 'scripts/validate_docs.py' using a list of arguments to prevent shell injection.\n
- Context: This execution is a primary function of the skill to provide a high-level overview of the codebase structure for documentation purposes.
Audit Metadata