doc-consistency-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface, as it is designed to ingest and analyze untrusted data from local repositories.
  - Ingestion points: The skill reads README.md, docs/**/*.md, and contract files such as OpenAPI/proto/GraphQL schemas, as identified in SKILL.md and references/checklist.md.
  - Boundary markers: There are no explicit instructions to use delimiters or to ignore embedded instructions within the ingested content, increasing the risk that the agent may follow instructions found within a project's documentation.
  - Capability inventory: The agent is given file system read access and is encouraged to use shell commands (e.g., searching or enumerating files) to perform its review.
  - Sanitization: No sanitization or validation mechanisms are mentioned to filter or escape content from external files.
- [COMMAND_EXECUTION]: The audit checklist suggests that the agent attempt to run build and test commands to verify documentation accuracy.
  - Evidence: In references/checklist.md, under section 5 ("运行方式与脚本", How to Run and Scripts), the checklist includes items such as "构建命令是否能成功执行?" (Can the build command be executed successfully?) and "测试命令是否与测试框架配置一致?" (Is the test command consistent with the test framework configuration?).
  - Risk: If the agent executes commands (such as npm install or make build) found in an untrusted or malicious repository, this could lead to arbitrary code execution or system compromise.
Audit Metadata