docs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to exploitation through untrusted content it is tasked to document. Ingestion points: Technical content and files like '/packages/web/src/content/docs/docs/index.mdx'. Boundary markers: Absent; no delimiters distinguish documentation content from agent instructions. Capability inventory: File system writing and git commit execution ('make a commit'). Sanitization: None; the agent processes content raw and applies it to repository actions.
- [Data Exposure] (LOW): The prompt reveals the internal directory structure of the project by referencing specific file paths.
Recommendations
- AI detected serious security threats
Audit Metadata