optimize-agent-docs

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface (Category 8).
  • Ingestion points: The skill reads all markdown files within dotfile directories (.claude/, .cursor/, etc.) and root instruction files (CLAUDE.md, INSTRUCTIONS.md).
  • Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the processed data.
  • Capability inventory: The skill generates a KNOWLEDGE.md file designed to be the agent's 'always-loaded' context. If the source documentation contains malicious instructions (e.g., hidden in HTML comments or prose), the agent is instructed to extract them as 'Critical Rules' or 'Procedures'.
  • Sanitization: None. The skill assumes all content in the scanned documentation is authoritative and safe, creating a persistent 'instruction poisoning' vector.
  • [COMMAND_EXECUTION] (LOW): Local shell command usage.
  • Evidence: The workflow uses find, grep, and wc for file discovery and analysis. While these are standard utilities, they run through the agent's shell capability against the local filesystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:28 AM