documentation-writer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It is configured to load and follow rules from the '.claude/rules/documentation/' directory, which is part of the untrusted codebase.
      1. Ingestion points: Reads all markdown files in '.claude/rules/documentation/'.
      2. Boundary markers: None present; the agent is explicitly told to 'Load the conventions' and 'Follow' them.
      3. Capability inventory: The agent has permission to create and edit files in 'docs/' and 'README.md'.
      4. Sanitization: None; the files are treated as direct instructions for the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 02:28 AM