Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and interpret external, untrusted content (source code, API behavior) to perform file-writing operations (updating READMEs, guides, and inline comments).
- Ingestion points: Untrusted source code, API specifications, and system descriptions provided by users or read from the environment.
- Boundary markers: Absent. The instructions do not provide delimiters or safety warnings to distinguish between the code being documented and the instructions for the agent, making it vulnerable to 'jailbreak' attempts embedded in code comments.
- Capability inventory: The skill explicitly tasks the agent with 'creating or updating' documentation, which requires file-system write access.
- Sanitization: None. There is no logic to filter or escape malicious sequences within the data being documented.
- [Credentials Unsafe] (INFO): The API documentation template contains hardcoded placeholder secrets (e.g., `Bearer abc123`). These are identified as non-functional examples and do not constitute a credential leak.
Recommendations
- AI detected serious security threats