tech-writer
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill's project scanning configuration, located in `references/document-project/documentation-requirements.csv`, explicitly instructs the agent to locate and analyze sensitive files. Targeted patterns include `.env*`, `*auth*`, `*session*`, `*secret*`, `*keychain*`, `google-services.json`, `*jwt*`, and `*oauth*`. This behavior leads to the extraction and exposure of potentially sensitive configuration details and credentials within the generated markdown documentation files.
- [PROMPT_INJECTION]: The skill provides an `Update Standards` workflow that allows users to modify the `references/documentation-standards.md` file by adding "User Specified CRITICAL Rules". These rules are designed to supersede the agent's general instructions, creating a vector for modifying agent behavior through persistent prompt changes.
- [COMMAND_EXECUTION]: The documentation workflow requires extensive file system access across the project workspace. The `deep-dive-instructions.md` specifies that the agent must read "every line of every file in scope" to identify implementation details, side effects, and logic, which constitutes a deep scan of the user's codebase.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it ingests and processes untrusted data from the user's codebase (Step 11 in `full-scan-instructions.md`). It extracts content from code and comments and interpolates it into documentation templates without explicit sanitization.
  - Ingestion points: Full-file reads of source code and comments during "Deep" and "Exhaustive" scans in `full-scan-instructions.md` and `deep-dive-instructions.md`.
  - Boundary markers: None implemented to distinguish codebase content from agent instructions in the output documents.
  - Capability inventory: The skill uses file-read and file-write tools to scan the repository and produce documentation.
  - Sanitization: There are no instructions for validating, escaping, or filtering the extracted codebase content before it is processed by the LLM or written to disk.
Audit Metadata