doc-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading markdown files in the docs/ directory to determine categories. Malicious content within these files could attempt to influence the agent's logic. • Ingestion points: Local markdown files in the docs/ directory. • Boundary markers: Absent; no delimiters are used during file reading to isolate content. • Capability inventory: Access to Bash (mkdir, git mv), Read, and Glob tools. • Sanitization: Absent; content is processed directly for keywords without prior validation.
- [COMMAND_EXECUTION]: The skill constructs Bash commands using filenames and category names found on the filesystem. The lack of input sanitization for these variables represents a risk of command injection if filenames or directory names contain shell-sensitive characters like semicolons or backticks.
Audit Metadata