docs
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It processes external, potentially attacker-controlled content and has high-privilege capabilities. \n
- Ingestion points: Reads project source files (Phase 2) and CLAUDE.md (Phase 4). \n
- Boundary markers: None specified to distinguish between code and instructions. \n
- Capability inventory: Can modify files (Phase 3: 'Apply language-specific formats') and execute shell commands (Phase 4: 'devtools::document()'). \n
- Sanitization: No sanitization or validation of the ingested code content is mentioned before it influences agent behavior. \n- COMMAND_EXECUTION (MEDIUM): The skill explicitly calls
devtools::document(). While this is a standard R development tool, its execution triggered by an agent processing untrusted code increases the risk of exploitation if the agent is manipulated via injection.
Recommendations
- AI detected serious security threats
Audit Metadata