skills/zackbart/motif/update-docs/Gen Agent Trust Hub

update-docs

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust workflow that requires explicit user consent (Step 2) after the initial scan but before any write operations occur, which is a key security best practice.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool specifically for directory listing (ls) at the project root to identify relevant files. This is a restricted and appropriate use of the tool for discovery.
  • [PROMPT_INJECTION]: The skill processes project files and user arguments through subagents, which constitutes an indirect prompt injection surface (Category 8).
      (1) Ingestion points: Project file contents read via the Read tool and the $ARGUMENTS variable.
      (2) Boundary markers: No specific delimiters are used in the subagent briefings to separate instructions from data.
      (3) Capability inventory: The agent has access to Bash, Read, Grep, Glob, and subagent spawning tools.
      (4) Sanitization: The skill does not perform sanitization on ingested data before passing it to subagents.
      (5) Context: The human-in-the-loop verification step is a sufficient control to ensure that any malicious instructions embedded in project files are not executed without oversight.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 06:08 PM