skills/pipecat-ai/pipecat/update-docs/Gen Agent Trust Hub

update-docs

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs several local shell operations to manage documentation branches and analyze changes.
      • Evidence: Uses git rev-parse, git checkout, git pull, git diff, and grep commands across several steps.
      • The DOCS_PATH variable and branch names are interpolated directly into shell strings, which is a common pattern for developer-oriented tools but requires the user to provide a trusted path.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted content from source code and documentation files.
      • Ingestion points: Reads source code files (e.g., src/pipecat/**/*.py), documentation files (.mdx), and git diff outputs in Step 5 and Step 7.
      • Boundary markers: The instructions do not define clear delimiters or include 'ignore embedded instructions' warnings for the data being analyzed.
      • Capability inventory: The agent has capabilities to execute local shell commands (git, grep), read files, and write/edit files on the local disk.
      • Sanitization: There is no evidence of sanitization or filtering of the content read from the source or doc files before the agent analyzes it to make editing decisions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:23 AM