Gen Agent Trust Hub audit: skills/montagao/skills/update-docs

update-docs

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted data from the codebase (Step 2: Analyze Codebase) and has file-write capabilities. It lacks boundary markers or sanitization, allowing malicious instructions in code comments or files to influence the agent's behavior during the documentation update process.
  • Command Execution (HIGH): Step 4 (Verify) explicitly instructs the agent to 'Verify commands in docs actually work'. If an attacker can influence the content of the documentation through the indirect injection vector described above, they can trick the agent into executing malicious shell commands under the guise of verification.
  • Data Exposure (MEDIUM): The workflow uses 'git diff' and glob patterns to read the entire repository structure and content. This exposes all files, including potentially sensitive '.env' files, SSH keys, or hardcoded credentials, to the LLM context without filtering.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:50 AM