technical-writer
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its interaction with external content without sufficient safeguards.
  * Ingestion points: The skill automatically activates and processes `.md` files in `docs/` directories and README files provided by the user.
  * Boundary markers: Absent; the instructions do not provide delimiters or warnings for the agent to ignore directives found within the documentation content itself.
  * Capability inventory: The skill includes a structural validator (`scripts/validate_markdown.py`) and commands the agent to 'Verify all examples compile and run', which triggers the use of code execution capabilities (like a Python interpreter or shell) on snippets extracted from potentially untrusted documentation.
  * Sanitization: Absent; the skill does not perform any sanitization, escaping, or validation of the text content within processed files beyond basic structural regex checks.
- [COMMAND_EXECUTION]: The skill provides a local Python script (`scripts/validate_markdown.py`) intended to be executed by the agent to perform static analysis on the hierarchy and formatting of documentation files.
Audit Metadata