docs-out
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection because its core function involves reading untrusted external data (source code and existing documentation).
  - Ingestion points: The skill explicitly instructs the agent to 'Read the relevant source code' and 'Review existing related documentation' in SKILL.md.
  - Boundary markers: There are no instructions provided to the agent to treat the ingested code strictly as data or to ignore embedded instructions (e.g., instructions hidden in code comments).
  - Capability inventory: The skill description states it is used to 'generate, update, or refactor' documentation, implying file-write or file-modification permissions, which elevates the risk of successful injection.
  - Sanitization: No sanitization or validation steps are defined for the content being read before it is processed by the agent.
Recommendations
- AI detected serious security threats