skills/seqis/openclaw-skills-converted-from-claude-code/agent-documentation-scribe/Gen Agent Trust Hub
agent-documentation-scribe
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to analyze and summarize external, potentially untrusted data such as source code and existing documentation files.
- Ingestion points: Reads various local project files (ROADMAP, API_REFERENCE, source code) to generate documentation.
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are defined to separate ingested data from the agent's system instructions.
- Capability inventory: The agent has access to significant capabilities including `Bash`, `WebFetch`, `Write`, and `mcp__brave__brave_web_search`.
- Sanitization: There is no evidence of sanitization or filtering of the content read from files before it is processed by the agent.
- [COMMAND_EXECUTION]: The imported agent specification includes the `Bash` tool. While this tool is intended for documenting and verifying code examples, its presence as a capability alongside data ingestion surfaces increases the potential impact of a successful injection attack.
Audit Metadata