Documentation review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill exhibits an indirect prompt injection surface (Category 8) by design. It is instructed to read and verify user-provided documentation which may contain malicious instructions designed to hijack the agent or its sub-agents.
- Ingestion points: User-provided documentation is read as the primary input (SKILL.md).
- Boundary markers: The instructions lack delimiters or explicit warnings to ignore instructions embedded within the reviewed documentation.
- Capability inventory: The skill has the capability to launch other agents (e.g., @agent-toolhive-expert, Explore agent) and pass data derived from the untrusted documentation (e.g., CLI arguments, Kubernetes manifests) to them.
- Sanitization: There is no evidence of sanitization, validation, or escaping of the external content before it is processed or passed to other tools.
- [Safe] (SAFE): No malicious code, unauthorized network calls, hardcoded credentials, or persistence mechanisms were detected. The skill consists entirely of markdown instructions.
Audit Metadata