docs-seeker

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill workflow requires executing multiple local Node.js scripts (detect-topic.js, fetch-docs.js, analyze-llms-txt.js) via the command line. While the scripts themselves are provided, this pattern increases the attack surface if the script logic is compromised.
  • EXTERNAL_DOWNLOADS (MEDIUM): The workflows/repo-analysis.md file instructs the agent to run git clone [repo-url] and npm install -g repomix. Executing these commands on untrusted repository URLs or installing global packages can lead to remote code execution if the sources are malicious.
  • DATA_EXFILTRATION (LOW): The scripts/utils/env-loader.js script recursively searches parent directories (up to .claude/.env) for .env files. This behavior can lead to the accidental exposure of API keys or secrets intended for other skills or agents if they are stored in shared parent directories.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to fetch and process llms.txt files from external sources via context7.com.
      • Ingestion points: scripts/fetch-docs.js (fetches external documentation content).
      • Boundary markers: Absent; the content is piped directly into analysis scripts.
      • Capability inventory: Subprocess calls for git, npm, and node scripts.
      • Sanitization: Limited; analyze-llms-txt.js uses regex to extract URLs but does not sanitize the remaining content for instruction-like patterns.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:22 PM