health-docs
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions include a robust defensive boundary to handle potential prompt injection attempts within the audited repository. It explicitly directs the agent to treat phrases like "ignore previous instructions" or "you are now" as data to be flagged as conflicts rather than instructions to be executed.
- [DATA_EXFILTRATION]: To prevent sensitive data leakage, the skill implements a mandatory credential redaction rule. It automatically scans for secrets, tokens, and private keys, replacing them with redaction markers and skipping environment files entirely during the documentation consolidation process.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of processing untrusted repository content.
- Ingestion points: Accesses markdown files, agent configuration files, CI/CD workflows, and source code across the repository.
- Boundary markers: Employs an explicit "Prompt injection boundary" rule to differentiate between operational instructions and repository data.
- Capability inventory: Writing analysis reports to the ".health-docs/" directory and documentation files to user-approved locations.
- Sanitization: Utilizes credential redaction and explicit instruction boundaries to mitigate risks associated with processing untrusted data.
Audit Metadata