smart-docs

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): Automated security scanners (URLite) identified blacklisted malicious URLs within the skill's associated project files (specifically main.rs). This confirmed detection indicates that the repository source is compromised or malicious.
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructions direct users to clone an untrusted GitHub repository (github.com/sopaco/deepwiki-rs) and execute an installation script (install.sh). As this repository is not from a trusted organization, this setup method constitutes high-risk remote code execution.
  • PROMPT_INJECTION (LOW): The skill's primary function of generating documentation from user codebases creates a surface for indirect prompt injection.
      1. Ingestion points: Reads all files in the current codebase.
      2. Boundary markers: Absent; there are no instructions to the agent to ignore embedded instructions in the code being scanned.
      3. Capability inventory: The skill can write files and directories (creates ./docs/).
      4. Sanitization: Absent; the skill lacks mechanisms to filter or escape malicious content within the analyzed code.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 05:45 PM