incident-documenting
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting incident details from the conversation context. (Ingestion points: chat history via SKILL.md; Boundary markers: absent; Capability inventory: file-write operations; Sanitization: none mentioned). This surface could be used to inject malicious content into documentation, though the risk is mitigated by the intended human review of the artifacts.
- [COMMAND_EXECUTION]: The skill instructs the agent to save generated documentation as markdown files to local directories (e.g., .docs/). This is a core feature of the skill and is documented as its primary function.
Audit Metadata