compound-docs

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill executes a local script ./scripts/log-skill.sh. While part of the intended workflow, executing file-system scripts is a capability that requires the script itself to be trusted.
  • [PROMPT_INJECTION] (LOW): Surface for Indirect Prompt Injection. The skill reads content from docs/solutions/ using grep.
      1. Ingestion points: Document files in docs/solutions/ processed by grep.
      2. Boundary markers: Absent; the agent receives raw grep output without delimiters or instructions to ignore content.
      3. Capability inventory: Shell commands (grep, ls) and local script execution (./scripts/log-skill.sh).
      4. Sanitization: None; the skill does not specify how to escape or validate instructions found within documented solutions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 02:44 AM