docs-seeker
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes command-line operations to perform repository analysis. Specifically, it uses
git cloneto download source code to/tmp/docs-analysisandnpm install -g repomixto install the Repomix utility for packing repository content into an AI-friendly format. - [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources, primarily prioritizing
context7.comfor standardizedllms.txtdocumentation. It also performs broad web searches and fetches documentation directly from various library and framework domains. - [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection because it ingests and processes untrusted technical documentation from the internet.
- Ingestion points: Untrusted data enters the agent context via
WebFetch,WebSearch, andgit cloneoperations defined inSKILL.mdandWORKFLOWS.md. - Boundary markers: The instructions do not specify explicit delimiters or "ignore instructions" warnings to separate external documentation from the agent's internal logic.
- Capability inventory: The skill has the capability to execute shell commands (
npm,git,repomix) as described inSKILL.md. - Sanitization: No sanitization or validation of the fetched documentation content is mentioned before it is processed by the LLM agents.
Audit Metadata