gen-docs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to run 'node docs/scripts/sync-changelog.mjs'. This provides a direct path for script execution that could be exploited if the script's content is modified by an external contributor.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external content and possesses significant capabilities. 1. Ingestion points: Processes git commit messages, staged changes, and project source code. 2. Capability inventory: Executes shell commands via node and modifies documentation files. 3. Boundary markers: None are defined in the instructions to separate data from commands. 4. Sanitization: No sanitization or validation of the ingested git/code content is performed. An attacker could embed malicious instructions in a commit message or code comment that the agent might interpret as a command.
Recommendations
- AI detected serious security threats
Audit Metadata