doc-query
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the `sdd doc` command-line interface for tasks like entity lookup, call graph analysis, and impact assessment. These commands are part of the skill's primary intended functionality and operate on the local file system.
- [PROMPT_INJECTION]: The skill acts as an ingestion point for documentation data (e.g., `codebase.json`, `docs/` directory) that is generated from project source code, making it susceptible to indirect prompt injection.
  - Ingestion points: Documentation files such as `codebase.json` and markdown files within the `docs/` directory (referenced in SKILL.md).
  - Boundary markers: There are no explicit instructions or delimiters provided in the skill files to ensure the agent ignores or sanitizes instructions that might be embedded in the documentation content.
  - Capability inventory: The agent has access to various analysis and query commands via the `sdd` tool, which could be misdirected if the input documentation is malicious.
  - Sanitization: No sanitization or validation logic is defined in the skill for the documentation content it processes.
Audit Metadata