update-docs
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads codebase and documentation files which could contain malicious instructions (indirect prompt injection) intended to manipulate the behavior of the subagents used for scanning and writing.
  - Ingestion points: Project documentation and source files accessed via the 'Read', 'Grep', and 'Glob' tools.
  - Boundary markers: The instructions do not specify any boundary markers or 'ignore' prefixes for the file content passed to the subagent briefings.
  - Capability inventory: The skill possesses 'Bash' for shell access and 'Agent' for spawning subagents.
  - Sanitization: Content read from files is passed directly to subagents without validation or escaping.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to perform an 'ls' command on the project root. While the current usage is benign, the availability of a shell environment represents a capability that could be exploited if the agent processes malicious input.