doc-writer

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data and writing it to the file system.
      • Ingestion points: User-provided text intended for documentation (SKILL.md).
      • Boundary markers: No delimiters or warnings are used to separate user content from the document structure.
      • Capability inventory: Bash, Write, Edit, Read, Glob, Grep, LS.
      • Sanitization: No input filtering or escaping is implemented.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute directory listing commands (ls -la docs/). This capability is used for discovery but contributes to the skill's overall privilege level.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 10:43 AM