api-documenter
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-risk attack surface by reading external, potentially attacker-controlled code and comments while having 'Write' tool access.
- Ingestion points: As stated in SKILL.md, the skill monitors and reads route files, controller files, and code comments to extract documentation.
- Boundary markers: The skill definition lacks any mention of delimiters or instructions to the agent to disregard embedded natural language commands within the code it parses.
- Capability inventory: The skill is granted 'Read', 'Write', and 'Grep' permissions. The 'Write' tool is a high-privilege capability that could be abused if the agent's reasoning is compromised by an injection.
- Sanitization: No sanitization or validation processes are described for the content extracted from comments before it influences the agent's output or actions.
- Data Exposure (LOW): The 'Read' and 'Grep' tools, while intended for documentation, could be repurposed via injection to scan for sensitive local files like configuration secrets or private keys.
Recommendations
- AI detected serious security threats
Audit Metadata