add-provider-doc
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Tags: PROMPT_INJECTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill instructs the agent to process external provider documentation and use that data to 'Update all Dockerfiles' and '.env.example'. This creates a vulnerability surface where untrusted external content could influence sensitive configuration files.
  - Ingestion points: Triggered by provider documentation tasks, which ingest content from external documentation sources.
  - Boundary markers: No specific delimiters or safety instructions are provided to sanitize or isolate the external content before it is used to update system files.
  - Capability inventory: Directs the agent to perform file-write operations on critical files including Dockerfile, Dockerfile.database, Dockerfile.pglite, and .env.example.
  - Sanitization: While the skill warns against real API keys, it lacks mechanisms to sanitize provider-provided strings (like names or model lists) that are inserted into the Dockerfiles.
- Data Exposure & Exfiltration (LOW): The skill handles documentation related to model providers and environment variables.
  - Risk: Potential for accidental exposure of API keys if documentation is not handled carefully.
  - Mitigation: Includes a proactive safety instruction: 'Never include real API keys - use placeholders', which significantly reduces the risk of accidental credential leakage.
- No Code (SAFE): The skill contains no scripts or executable code. It functions as a set of instructions for the agent to follow using its own toolset.
Audit Metadata