documenting-processes
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted dialogue history and user notes, creating an attack surface for indirect prompt injection. 1. Ingestion points: Dialogue history and user notes referenced in SKILL.md. 2. Boundary markers: Absent; the prompt does not define delimiters for untrusted input. 3. Capability inventory: Limited to internal reasoning and Markdown document generation with no external file-write or network access. 4. Sanitization: Absent; specifically forbidden by the core principles to ensure fidelity.
- Data Exposure & Exfiltration (LOW): The fidelity core principle (保真优先) and the instruction to include all logs and error stacks (必须保留文本记录) create a risk of credential exposure if secrets are present in the source material. The skill explicitly forbids simplifying or redacting this content, which may lead to tokens or internal paths being saved in plain text within documentation.
Audit Metadata