doc-flow

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a workflow for processing untrusted data from project artifacts, creating a surface for indirect prompt injection.
      1. Ingestion points: The agent is instructed to read content from the strategy/, docs/, and ai_dev_flow/ directories (SKILL.md).
      2. Boundary markers: The skill does not define explicit delimiters or warnings to ignore instructions embedded within the processed documentation.
      3. Capability inventory: The skill has the capability to execute local scripts and write files to the project directory (SKILL.md, SHARED_CONTENT.md).
      4. Sanitization: No sanitization or validation logic for the content of the ingested files is mentioned.
  • [COMMAND_EXECUTION]: The instructions direct the agent to execute several local shell and Python scripts for artifact validation and traceability checks, including validate_quality_gates.sh, validate_brd_template.sh, and extract_tags.py (SKILL.md, SHARED_CONTENT.md).
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 7, 2026, 04:25 AM