docusaurus-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external data such as Docusaurus project configurations, Markdown, and MDX files.
  * Ingestion points: Local Docusaurus project directory and document files.
  * Boundary markers: None mentioned in the README; user content is treated as authoritative project data.
  * Capability inventory: The README explicitly instructs users to enable the 'code_execution' tool in the Claude API and mentions its use for running examples.
  * Sanitization: There is no evidence of sanitization or filtering for embedded instructions within the processed files.
- [Security Assertions] (INFO): The README contains several unverified safety claims ('Is safe for production use', 'no malicious code') which are considered unreliable data points and ignored in the final verdict determination.
Recommendations
- AI detected serious security threats
Audit Metadata