update-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection because it ingests untrusted data from existing documentation files. 1. Ingestion points: The skill reads multiple markdown files from the
./docs/directory and processes a user-supplied command string. 2. Boundary markers: Delimiters or 'ignore embedded instructions' warnings are absent. 3. Capability inventory: The skill uses Read, Write, Glob, and Grep tools. While it cannot execute arbitrary code or access the network, it can modify documentation based on instructions found within existing files. 4. Sanitization: No sanitization or validation of the ingested document content is performed before it is used to generate the Update Plan. - [Command Execution] (SAFE): The skill executes a simple
lscommand to verify directory presence. This is a standard, low-risk, read-only operation necessary for the skill's primary function and does not pose a security threat.
Audit Metadata