nabledge-6
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted user code files to generate documentation.
  - Ingestion points: workflows/code-analysis.md (Step 1) uses the Read tool to ingest user-provided source code files from the workspace.
  - Boundary markers: Absent. The skill does not employ specific delimiters or 'ignore instructions' warnings when interpolating user code content into the agent's context.
  - Capability inventory: The skill uses Bash to execute local scripts (workflows/code-analysis.md), Read to access files, and Write to generate documentation files in the .nabledge/ directory.
  - Sanitization: Absent. There is no evidence of filtering or escaping logic applied to the ingested file content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes local Bash scripts that dynamically assemble jq filters from user-provided keywords, which could be exploited for logic injection.
  - Evidence: scripts/full-text-search.sh assembles a jq expression using keywords without escaping double quotes, potentially allowing for jq expression injection within the process.
  - Logic: workflows/_knowledge-search/_full-text-search.md executes this script using the Bash tool to search knowledge files.