Skills
skills/tokenrollai/cc-plugin/doc-workflow/Gen Agent Trust Hub

doc-workflow

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses the ! syntax in SKILL.md to execute shell commands (test, find, cat, wc) at runtime for pre-fetching context. While the commands are currently hardcoded to specific paths, they represent active shell interaction.
  • [PROMPT_INJECTION] (LOW): Category 8: Indirect Prompt Injection surface detected. The skill automatically reads the first 30 lines of llmdoc/index.md into the prompt context.
  • Ingestion points: llmdoc/index.md via cat command in SKILL.md.
  • Boundary markers: Absent; content is directly interpolated into the context.
  • Capability inventory: Read, Glob, and AskUserQuestion tools.
  • Sanitization: None; raw file content is piped to the agent.
  • [EXTERNAL_DOWNLOADS] (SAFE): No external network requests or package installations were detected.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 09:45 AM