docs-to-skill
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of processing untrusted external content to generate instructions. * Ingestion points: Fetches arbitrary content from external documentation URLs via r.jina.ai. * Boundary markers: Lacks explicit markers or instructions for the agent to treat the fetched content as untrusted or separate from the skill's operational logic. * Capability inventory: The skill can create and write files (SKILL.md) and perform git commits. * Sanitization: No input validation or sanitization is performed on the documentation content before it is used to construct the new skill.
- [EXTERNAL_DOWNLOADS]: Fetches external documentation through the well-known r.jina.ai markdown converter service.
Audit Metadata