git-doc-updater
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It processes untrusted data (git diffs and local source code) to generate documentation content. Because the agent can write to the filesystem and stage changes in Git, an attacker could hide malicious instructions in code comments to manipulate the agent into corrupting documentation or creating malicious installation instructions.
  * Ingestion points: Local source code and git diff results.
  * Boundary markers: No delimiters or ignore-instructions warnings are defined.
  * Capability inventory: Write access to critical documentation (README.md, CHANGELOG.md, ARCHITECTURE.md) and git command execution.
  * Sanitization: No sanitization of ingested code content is specified before interpolation into documents.
- COMMAND_EXECUTION (MEDIUM): The skill performs git add operations. While expected for its purpose, automating this based on untrusted inputs increases the risk of automatically staging malicious changes to the repository.
Recommendations
- AI detected serious security threats
Audit Metadata