Technical Documentation Engine
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted data from project repositories to generate documentation and automation scripts.
  - Ingestion points: Project READMEs, API endpoints (POST /users), and general documentation files are read by the agent (README.md).
  - Boundary markers: None detected. The documentation provides no evidence of delimiters or instructions to ignore embedded commands within the audited data.
  - Capability inventory: The skill claims to 'Automate with docs-as-code pipeline setup' and 'Maintain docs,' which implies file write access and potential modification of shell scripts or CI configurations (README.md).
  - Sanitization: None detected. There is no evidence of content escaping or validation logic to prevent external data from being interpreted as instructions.
- [No Code Implementation] (LOW): The provided skill package contains only a README and metadata. While it describes high-risk capabilities, the actual implementation prompts and scripts are missing from the analyzed files.
- [Unverifiable Dependencies] (MEDIUM): The README suggests installation via 'clawhub', an unrecognized package management utility that does not appear in the trusted source list.
Recommendations
- AI detected serious security threats