Quill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves processing untrusted codebase content to generate documentation.
- Ingestion points: Project source code files, READMEs, and environment configurations.
- Boundary markers: While the skill references external role boundaries, it does not define explicit delimiters or instructions to ignore embedded commands within the ingested content.
- Capability inventory: Reading file system data and writing documentation or type definition updates.
- Sanitization: The provided documentation does not specify sanitization or filtering procedures for codebase content before interpolation into prompts.
- [COMMAND_EXECUTION]: Reference guides within the skill suggest using standard local utilities such as grep, find, and npx for auditing tasks and running documentation generators.
- [EXTERNAL_DOWNLOADS]: The skill mentions and provides configuration for well-known development tools available through the NPM registry, including typedoc, swagger-jsdoc, type-coverage, and markdown-link-check.
Audit Metadata