doc-scanner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill reads and synthesizes information from files like AGENTS.md, CLAUDE.md, and others that could be attacker-controlled in an untrusted project directory.
  - Ingestion points: SKILL.md Step 2 reads the complete contents of all found documentation files.
  - Boundary markers: The instructions lack any delimiters or system-level warnings to treat the file content as data rather than instructions.
  - Capability inventory: The skill is granted the 'Glob', 'Read', 'Write', and 'Bash' tools, which provide a high-privilege execution environment for potential injected instructions.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the documentation content before it is processed by the agent.
Recommendations
- AI detected serious security threats