Skills
skills/zhucl1006/ailesuperpowers/aile-docs-init/Gen Agent Trust Hub

aile-docs-init

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to inspect the project environment and manage directories. Evidence includes the use of ls, find, git log, and mkdir in SKILL.md for project discovery and documentation structure creation.
  • [EXTERNAL_DOWNLOADS]: The skill integrates with an external Google Drive service to synchronize documentation files to shared folders. Evidence includes the use of a google-drive skill and specific folder IDs (e.g., 1u2I7QtOQDzWnQAVgINZqQbLv0wOjvR_0) defined in docs-templates/google-drive-sync-integration.md.
  • [PROMPT_INJECTION]: The skill uses role-play instructions to define the agent's persona and ingests untrusted source code, creating an indirect prompt injection surface.
  • Ingestion points: The skill reads local source code files (src/, app/, lib/) and configuration files in Phase 1B.
  • Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are implemented when reading codebase content.
  • Capability inventory: Shell execution (ls, mkdir, find, git), file writing, and remote synchronization via the google-drive tool.
  • Sanitization: There is no evidence of sanitization or filtering of the content extracted from the codebase before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 11:59 AM