project-guide-doc

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Threat categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill has a high-risk surface for indirect prompt injection as it processes untrusted project data to generate output.
    • Ingestion points: All files within the user-provided --project-root, specifically scanning package.json, requirements.txt, and configuration files.
    • Boundary markers: None specified; the agent is not instructed to ignore embedded instructions in the scanned files.
    • Capability inventory: The skill reads the filesystem, interprets file contents, and writes a new document (DEVELOPMENT_GUIDE.md) to the filesystem.
    • Sanitization: No sanitization or filtering of external content is mentioned.
  • [Data Exposure] (HIGH): The skill's functional description explicitly states it identifies databases by reading 'connection info in configuration files'. This behavior essentially automates the discovery of potentially sensitive credentials and hardcoded secrets, exposing them to the agent's context and the generated document.
  • [Command Execution] (MEDIUM): The workflow requires the execution of scripts/generate_guide.py using a user-provided --project-root. If the agent passes this path to the shell without first validating or sanitizing it, the path becomes a command injection vector.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:55 PM