Skills
skills/wxul/read-document-skill/read-doc/Gen Agent Trust Hub

read-doc

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly vulnerable to Indirect Prompt Injection because it ingests untrusted data from the web and uses it to drive high-privilege actions (code generation).
  • Ingestion points: The WebFetch tool is used to retrieve content from arbitrary external URLs (SKILL.md, Step 2).
  • Boundary markers: There are no instructions to use delimiters or to warn the agent that the documentation content might contain adversarial instructions (SKILL.md, Step 4 & 5).
  • Capability inventory: The output is a "Technical Reference Summary" specifically designed to dictate how the agent writes, modifies, or fixes code (SKILL.md, Step 5).
  • Sanitization: The skill lacks any sanitization or validation logic for the content fetched via WebFetch.
  • Risk: An attacker-controlled or compromised documentation page could contain hidden instructions that manipulate the agent into inserting backdoors, exfiltrating data, or disabling security checks in the code it generates for the user.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:13 AM