bootstrap-project-documentation

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation templates from the author's official GitHub repository at https://raw.githubusercontent.com/nesnilnehc/project-documentation-template/main/. These resources are used to bootstrap the documentation structure and are identified as vendor-owned assets.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and analyzes existing documentation files, which may contain malicious instructions.
      (1) Ingestion points: Files within the 'docs/' directory are scanned and compared during the 'Adjust' mode as described in SKILL.md.
      (2) Boundary markers: No specific delimiters or 'ignore instructions' warnings are implemented for processing external document content.
      (3) Capability inventory: The skill has the capability to perform file-system write operations (renaming, moving, and editing markdown files) as defined in the 'Adjust Mode Steps' section of SKILL.md.
      (4) Sanitization: Risk is partially mitigated by a requirement for explicit user confirmation before any proposed changes are applied to the project.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 09:05 AM