Skills
skills/stanah/dotagents/doc-update/Gen Agent Trust Hub

doc-update

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill reads and processes external source files to update documentation, creating a surface for injection.
  • Ingestion points: Contents of source files specified in .docstore/sources.yaml.
  • Boundary markers: None specified in the workflow instructions.
  • Capability inventory: Bash, Read, Write, Edit, Grep, Glob, Task.
  • Sanitization: No explicit sanitization or filtering of source content is mentioned before extraction or integration.
  • [Command Execution] (SAFE): Uses the Bash tool to execute stat for retrieving file modification timestamps.
  • Evidence: stat -f %m <file> (macOS) and stat -c %Y <file> (Linux) are used for legitimate metadata comparison.
  • [Data Exposure & Exfiltration] (SAFE): Accesses local file paths for document management. No hardcoded credentials or network-based exfiltration patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 03:27 PM