readthedocs-build-failure-triage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes `curl` commands to fetch metadata and logs from the Read the Docs API. This is a standard diagnostic function but involves executing shell commands.
- [DATA_EXFILTRATION] (LOW): The skill includes instructions to pass an API token (`RTD_TOKEN`) in a header to a variable host (`RTD_HOST`). While the documentation points to legitimate Read the Docs domains, a malicious user could potentially supply a different host URL to capture the token.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface Detected. The skill is specifically designed to read and interpret raw build logs which could contain attacker-controlled content.
  - Ingestion points: Raw build logs are fetched via the RTD text endpoint defined in `SKILL.md`.
  - Boundary markers: None are specified; the logs are processed as raw text.
  - Capability inventory: Includes network reads via `curl`. The agent is also instructed to "apply fixes," which might lead to file modifications if the agent has those permissions.
  - Sanitization: The skill does not implement sanitization for the log content, relying on the agent to interpret potentially malicious strings inside the build output.