docs-seeker
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash commands to facilitate documentation extraction from repositories. Specifically, it utilizes 'npm install -g repomix' to install necessary tools and 'git clone' to retrieve repository data to '/tmp/docs-analysis' for processing. It then executes 'repomix' to generate a consolidated file for AI analysis.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context via 'WebFetch' of 'llms.txt' files, documentation pages, and the full content of GitHub repositories packed by 'Repomix' (e.g., 'repomix-output.xml').
  - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are used when retrieved external content is passed to sub-agents (Explorer/Researcher).
  - Capability inventory: The agent can execute bash commands, perform network operations, and spawn sub-tasks, all of which could be leveraged if malicious instructions are present in the ingested documentation.
  - Sanitization: No explicit sanitization or validation of the retrieved documentation or repository content is described before it is processed by the LLM.
- [EXTERNAL_DOWNLOADS]: The skill fetches technical data and configuration from multiple external sources. It prioritizes 'context7.com' for 'llms.txt' discovery and falls back to GitHub and official project documentation domains. These operations are aligned with the skill's primary purpose of documentation discovery.