update-docs
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs two local TypeScript scripts, scripts/generate-changelog.ts and scripts/generate-docs.ts, via the bun runtime to automate documentation and changelog generation.
- [COMMAND_EXECUTION]: The skill uses git diff to facilitate the review of changes made to the documentation directory.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it reads and analyzes external data from the codebase to update documentation.
  - Ingestion points: Source code in src/, api/, and configuration files like package.json are read into the agent's context.
  - Boundary markers: The instructions lack specific delimiters or instructions to ignore embedded commands within the code being analyzed.
  - Capability inventory: The agent can write to the filesystem and execute local scripts via bun.
  - Sanitization: There is no evidence of sanitization or filtering applied to the content extracted from the codebase before it is processed by the agent.
Audit Metadata