update-component-reference
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data and has write capabilities. It reads content from external component files (commands, agents, skills) and interpolates that data into new MDX files within the website directory.
  - Ingestion points: Reads from `plugins/handbook/{type}/{name}.md`.
  - Boundary markers: The template uses markdown code blocks and raw-loader, but the skill lacks explicit instructions for the agent to ignore embedded commands within the source files during the interpolation process.
  - Capability inventory: The skill can write new files to `website/docs/component-reference/` and modify `website/src/css/custom.css` and `website/docs/plugins.md`.
  - Sanitization: There is no evidence of sanitization or validation of the source content before it is processed.
- COMMAND_EXECUTION (LOW): The skill utilizes the `grep` command in Step 2 to determine the next `sidebar_position`.
  - Evidence: `grep -h "sidebar_position:" website/docs/component-reference/skills/*.mdx | sort -n`.
  - Risk: While the command is specifically defined in the instructions, it operates on a directory containing files that could be influenced or created by external sources, posing a minor command execution risk.
Audit Metadata