doc-req-fixer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming external report data to modify project files. Ingestion points: Processes REQ-NN.A_audit_report_vNNN.md and legacy review reports. Boundary markers: No specific delimiters or boundary instructions are used to separate report data from the agent's internal logic. Capability inventory: The skill can create directories (os.makedirs), move files (shutil.move), and write file content (Path.write_text). Sanitization: Parsing relies on regex and templates for structural fixes but does not sanitize free-text content used for document updates.
- [COMMAND_EXECUTION]: The skill uses local system utilities and Python libraries for document organization and validation. It executes sha256sum via shell for file integrity checks and uses standard library functions for moving files to enforce project structure rules.
Audit Metadata