doc-maintenance
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and interprets git commit messages to classify changes and audit documentation. Commit messages are externally controlled data that could contain instructions designed to influence the agent's output.\n
- Ingestion points: Git commit logs are retrieved using
git logand processed in the workflow (SKILL.md, Step 2 and 3).\n - Boundary markers: There are no specific delimiters or instructions provided to the agent to ignore potential commands embedded within commit messages.\n
- Capability inventory: The skill has the capability to modify project documentation (
README.md,doc/SPEC.md,doc/PRODUCT.md), commit those changes, and create pull requests via the GitHub CLI (gh) in the workflow (SKILL.md, Step 5 and 6).\n - Sanitization: The skill does not perform sanitization or validation of the commit message content before it is used to build a change summary or perform the document audit.\n- [COMMAND_EXECUTION]: The skill utilizes standard command-line tools, specifically
gitfor version control history and state management, andgh(GitHub CLI) for creating pull requests. These tools are used for their intended purpose within the documentation maintenance workflow and do not represent a security risk on their own.
Audit Metadata