sync-skill
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data such as PR diffs and doc files provided through the
$ARGUMENTSparameter. This creates a surface for indirect prompt injection where malicious instructions embedded in source files could influence the agent's behavior during the sync process. - Ingestion points: Doc file paths and PR diffs provided as input to the skill.
- Boundary markers: Absent. The skill does not provide instructions to the agent to disregard instructions or control sequences found within the source material.
- Capability inventory: The skill performs file system reads and writes, and executes shell commands (
bun lint:fix). - Sanitization: Absent. Source data is incorporated into skill files without filtering or escaping of potential prompt directives.
- [COMMAND_EXECUTION]: The skill triggers the execution of external shell commands as part of its verification workflow.
- Evidence: The verification section in
SKILL.mdexplicitly calls for runningbun lint:fixafter modifications are applied.
Audit Metadata