code-documentation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill facilitates Indirect Prompt Injection (Category 8) by requiring the agent to interpret and act upon untrusted external code comments.
  * Ingestion points: The workflow requires reading and analyzing entire source files, test files, and story files (references/workflow.md).
  * Boundary markers: Absent. There are no delimiters or instructions provided to distinguish the skill's rules from the potentially malicious content in the files being analyzed.
  * Capability inventory: The maintenance workflow explicitly directs the agent to delete code comments and modify documentation blocks based on their interpreted content (references/maintenance.md).
  * Sanitization: Absent. The agent is directed to 'synthesize findings' from raw code and comments without any validation or escaping mechanisms.
- [COMMAND_EXECUTION] (LOW): The skill relies on the execution of external tools to perform its tasks.
  * Evidence: The documentation workflow (references/workflow.md) directs the agent to execute specific commands from the 'typescript-lsp' skill, such as 'lsp-symbols', 'lsp-hover', and 'lsp-references'.
  * Context: While these are discovery operations, they represent the agent's ability to execute commands in the environment based on instructions derived from the skill.
Recommendations
- AI detected serious security threats