update-docs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted data from source code changes and pull request descriptions to automate documentation tasks.
  - Ingestion points: Data enters the agent context via 'git diff' output and by reading source files in the 'packages/next/src/' directory.
  - Boundary markers: Absent. There are no delimiters or specific instructions provided to the agent to ignore or isolate instructions embedded within the code or markdown files being processed.
  - Capability inventory: The skill has the authority to execute shell commands ('git', 'pnpm') and perform file-system write operations to update MDX documentation.
  - Sanitization: None. The skill lacks validation or sanitization of the content extracted from the code changes before using it to generate documentation.
- [Remote Code Execution] (HIGH): The workflow includes the execution of 'pnpm lint' and 'pnpm prettier-fix'.
  - Risk: In the context of reviewing PRs from external contributors, a malicious actor could modify the 'package.json' file to include a malicious command within the 'lint' or 'prettier-fix' scripts. When the agent executes these commands as part of its validation step, it would trigger arbitrary code execution in the host environment.
Recommendations
- AI detected serious security threats
Audit Metadata