update-docs
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from the codebase and git history without explicit sanitization or boundary markers.
- Ingestion points: The skill reads
package.json(Agent 1), source code files insrc/*,lib/*,packages/*, andapp/*(Agents 2, 4), and git history (Agent 3). - Boundary markers: No delimiters or "ignore embedded instructions" warnings are present in the agent prompts to prevent the model from following instructions found within the files it audits.
- Capability inventory: The skill possesses the capability to read files, write/update documentation files, and perform git commits.
- Sanitization: There is no evidence of content sanitization or validation of the data extracted from the codebase before it is interpolated into documentation templates.
Audit Metadata