github-pages-sync

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell command to verify the integrity of the documentation site after updates.
      • Evidence: Phase 4 (Verify) in SKILL.md triggers the command uv run mkdocs build --strict to check for build errors and broken links.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository to influence its logic and file-writing actions.
      • Ingestion points: Reads source code from synapse/, plugins/, and pyproject.toml, as well as documentation from guides/, docs/, and README.md to identify mapping relationships defined in references/source-site-mapping.md.
      • Boundary markers: The skill does not define explicit delimiters or use system-level instructions to ignore potential malicious prompts embedded within the source files it reads.
      • Capability inventory: The skill has the ability to read and write files in the site-docs/ directory, update mkdocs.yml and changelog.md, and execute shell commands via uv.
      • Sanitization: The risk is mitigated by a mandatory human-in-the-loop approval step in Phase 3, where proposed changes must be presented to and approved by the user before being applied to the filesystem.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 03:27 PM