update-doc
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Susceptibility to Indirect Prompt Injection (Category 8). The skill ingests untrusted data from git diffs and user-provided arguments, which are then passed to a downstream 'recorder' agent.
- Ingestion points: Git diff output and $ARGUMENTS (SKILL.md, Steps 1 and 3).
- Boundary markers: Absent. There are no instructions to the agent to disregard instructions within the processed data.
- Capability inventory: Access to Bash, Write, Edit, and Task tools (SKILL.md).
- Sanitization: Absent. Data is interpolated directly into prompts for the recorder agent.
Audit Metadata