doc-pipeline

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform automated research and verification tasks. This includes running subagents for code analysis and executing shell commands derived from documentation artifacts.
  • [REMOTE_CODE_EXECUTION]: During the 'VERIFY' phase (Phase 4), the instructions explicitly require the agent to 'Run every code snippet in the documentation' and 'execute all code snippets to confirm correctness'. This results in the execution of potentially untrusted code found in the repository files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting and acting upon data from the codebase without adequate isolation.
      • Ingestion points: Source code files and research findings gathered via the Read tool and subagent analysis in 'Phase 1: RESEARCH'.
      • Boundary markers: The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the processed code.
      • Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit, which can be leveraged if an injection occurs.
      • Sanitization: There is no evidence of validation, escaping, or filtering of the code snippets before they are passed to the Bash tool for execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 23, 2026, 04:36 PM