documentation-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a significant vulnerability surface where malicious instructions embedded in the codebase could influence the agent's behavior.
- Ingestion points: Reads source code (
.ts,.js,.py,.tsx), dependency manifests (package.json,requirements.txt), and existing documentation files (.md,.yaml,.json) throughout the repository. - Boundary markers: Absent. The skill extracts strings directly from code (e.g., feature names, endpoint paths) and interpolates them into documentation templates without delimiters or 'ignore' instructions.
- Capability inventory: Has extensive capabilities including filesystem search (
find), pattern extraction (grep,sed), file modification (writing/editing docs), and external communication (posting audit reports to GitHub issues). - Sanitization: Absent. Data extracted via regex is used directly in downstream documentation generation and reporting tasks.
- Command Execution (MEDIUM): The skill utilizes powerful shell commands (
find,xargs,sed,grep) to process file contents. While primarily used for extraction, the use ofxargswithbasenameon discovered files could lead to issues if filenames are crafted maliciously, although the risk is lower than direct instruction injection.
Recommendations
- AI detected serious security threats
Audit Metadata