ws-codebase-documenter
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting content from untrusted source code and interpolating it into CLAUDE.md as project-level rules.
  - Ingestion points: All source files identified during the scan phase (SKILL.md Step 2.4), specifically documentation comments and architectural patterns.
  - Boundary markers: No explicit sanitization or delimiters are mentioned to isolate extracted code comments from the generated instructions in CLAUDE.md (SKILL.md Step 2.6).
  - Capability inventory: The skill has the capability to modify the agent's root instruction file (CLAUDE.md), perform git operations (git push, git clone), and create/modify local files.
  - Sanitization: The skill lacks validation or filtering for content extracted from source code before placing it into the project's rule definitions.
- [COMMAND_EXECUTION]: The skill uses shell commands for core functionality, including git operations for diffing (git diff), state management (git rev-parse), and branching (git checkout).
- [EXTERNAL_DOWNLOADS]: The Docusaurus sync feature (SKILL.md Step 5) involves cloning and pulling from remote git repositories defined in the user configuration. While the destination is user-controlled, this involves executing remote operations based on configuration data.
Audit Metadata