read-doc
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill uses hardcoded shell commands (
cat,find) to pre-fetch context from thellmdocdirectory. These are limited in scope and do not accept user input.\n- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted markdown content to generate summaries. \n - Ingestion points: Multiple markdown files from the
llmdoc/directory and its subdirectories (overview, architecture, guides).\n - Boundary markers: None present in the instructions to separate data from instructions.\n
- Capability inventory: The skill is restricted to read-only tools (
Read,Glob,Grep). It cannot modify files or access the network.\n - Sanitization: No sanitization or instruction-filtering is applied to the documentation content before it is processed.
Audit Metadata