doc-consistency
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Prompt Injection (LOW): Surface for Indirect Prompt Injection (Category 8) detected through the ingestion of untrusted repository documentation.
  - Ingestion points: The skill reads and processes 'README.md', 'CHANGELOG.md', and 'package.json' using 'fs.readFileSync' and 'require' in 'SKILL.md' and 'references/verification-checklist.md'.
  - Boundary markers: Absent; there are no instructions to the agent to disregard instructions that might be embedded in the processed files.
  - Capability inventory: The skill can execute local Node.js commands and has read access to the project filesystem.
  - Sanitization: Absent; file contents are processed as raw strings for comparison logic.
- Command Execution (LOW): Usage of dynamic execution patterns (Category 10) for verification.
  - Evidence: The skill uses 'node -e' and 'node -p' to run logic strings that parse project configurations. While the scripts are statically defined in the skill, they utilize a runtime execution pattern.
Audit Metadata