agents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No evidence of role-play, DAN-style instructions, or system prompt extraction was found. The instructional language is standard for a developer tool.
- Data Exposure & Exfiltration (SAFE): Example files in the references/ directory use appropriate placeholders (e.g., your-api-key, change-me-in-production). No commands that exfiltrate sensitive files (like ~/.aws/credentials) to external domains were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill utilizes standard tools like jq, git, and gh. Remote code execution patterns are limited to pulling a Docker image from a trusted registry (ghcr.io/typo3-documentation/render-guides:latest) for documentation rendering.
- Obfuscation (SAFE): No multi-layer Base64, zero-width characters, or homoglyph attacks were found. Integrity hashes in lockfiles are standard and non-malicious.
- Privilege Escalation (SAFE): No usage of sudo, chmod 777, or dangerous permission changes was detected.
- Indirect Prompt Injection (LOW): The skill ingests untrusted project metadata (e.g., package names, script descriptions) to generate documentation. While this is an inherent attack surface for documentation generators, the skill uses standard parsing techniques and does not have high-privilege write capabilities outside of generating the AGENTS.md file itself.
Audit Metadata