living-docs
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Bash scripts, such as
extract-diff.shandsync-to-central.sh, to perform repository analysis and document synchronization. These scripts execute standard Git and filesystem commands within the local environment. - [PROMPT_INJECTION]: The skill's functionality requires it to ingest and interpret untrusted source code, which creates a surface for indirect prompt injection. Ingestion points: The agent scans source files and project manifests during state scans and flow tracing (referenced in
SKILL.md). Boundary markers: Output is structured using Markdown formatting and YAML frontmatter. Capability inventory: The skill executes shell scripts and performs local file writes. Sanitization: Instructions include confidence scoring and capability normalization to validate findings before documentation generation.
Audit Metadata