sbox
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a Retrieval-Augmented Generation (RAG) system that processes documentation data from external sources, which creates a potential surface for indirect prompt injection where malicious content in the documentation could attempt to influence the agent's behavior.
  - Ingestion points: API reference metadata is downloaded from an external CDN at `cdn.sbox.game` in the `apps/fumadocs/scripts/bootstrap-api-reference.ts` script.
  - Boundary markers: The retrieval logic in `apps/fumadocs/src/features/api/utils/rag.ts` uses a system prompt that explicitly instructs the assistant to only use retrieved entities and to ask for query refinement if evidence is insufficient.
  - Capability inventory: Across its implementation scripts, the skill performs network operations via `fetch`, file system writes using `writeFile`, and manages local subprocess orchestration via `Bun.spawnSync`.
  - Sanitization: The skill makes extensive use of Zod schemas in `apps/fumadocs/src/features/api/utils/schemas.ts` and `apps/fumadocs/src/features/api/v1/domain/schemas.ts` to validate external data and tool inputs.
- [EXTERNAL_DOWNLOADS]: During its bootstrap phase, the skill fetches a large JSON API dump from the official S&Box content delivery network (`cdn.sbox.game`) to generate the local search index and documentation pages.
Audit Metadata