doc-sync
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted data from repository files and has file-write capabilities across the repository. • Ingestion points: Phase 1 (discovery) and Phase 3 (content migration) read file names and content from the repository. • Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded prompts in source files. • Capability inventory: Uses
findvia subprocess and performs file-write operations on CLAUDE.md and README.md files. • Sanitization: Absent; content is migrated between files without any validation or escaping mechanisms. - [COMMAND_EXECUTION] (LOW): The skill executes the
findcommand to map the directory structure. Whilefindis a standard utility, its output is used to drive the modification logic, which could be exploited if directory names are crafted maliciously.
Recommendations
- AI detected serious security threats
Audit Metadata