docs-write
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads and writes markdown and MDX files. This creates an ingestion point for untrusted data. There are no explicit boundary markers (e.g., delimiters) or instructions for the agent to ignore embedded commands within the documentation it processes, which could lead to the agent following malicious instructions found in those files. Evidence: Found in 'allowed-tools' (Read, Write) and 'Edit' section (verifying examples).
- [Command Execution] (SAFE): The skill utilizes the 'Bash' tool to execute 'yarn prettier --write '. This is a standard and expected operation for the primary purpose of formatting documentation and does not involve arbitrary or untrusted command strings.
Audit Metadata