technical-docs

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill recommends installing an additional skill using 'npx skills add oakoss/agent-skills --skill mermaid-diagrams'. The author 'oakoss' is not a trusted organization. This finding is downgraded because diagram-as-code is a core documentation task supported by the skill.
  • COMMAND_EXECUTION (LOW): Documentation templates for runbooks in 'references/runbooks-and-onboarding.md' include administrative commands like 'kubectl set env' and 'psql' for terminating processes. These are high-privilege operations, but are presented as static templates for technical documentation purposes rather than instructions for immediate execution.
  • PROMPT_INJECTION (LOW): The skill creates a surface for indirect prompt injection by processing untrusted code comments and pull request descriptions.
      1. Ingestion points: Code comments and PR descriptions are ingested for AI-assisted drafting (referenced in 'references/ai-collaboration.md').
      2. Boundary markers: No explicit delimiters or guardrails are defined for this process.
      3. Capability inventory: The skill uses tools like 'git' and 'rg' and includes templates for administrative tools like 'kubectl' and 'psql'.
      4. Sanitization: There is no evidence of input validation or sanitization for analyzed external content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 04:38 AM