claude-docs-consultant
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Indirect Prompt Injection (LOW): The skill features a documentation ingestion surface using WebFetch to retrieve content from docs.claude.com. While the suggested extraction prompt in SKILL.md lacks explicit boundary markers to disregard instructions within the fetched text, the risk is minimal because the source domain is the official documentation platform maintained by Anthropic for the agent's own ecosystem. * Ingestion points: WebFetch calls to docs.claude.com defined in SKILL.md. * Boundary markers: Absent in the suggested extraction prompt. * Capability inventory: Coding assistant capabilities including Bash execution, file writing, and reading as documented in the vault. * Sanitization: None.
- External Downloads (INFO): The skill is designed to perform on-demand downloads of technical documentation from docs.claude.com. This domain is considered a trusted external source for this agent.
- No Code (SAFE): The skill package does not include executable scripts, binaries, or active logic; it consists entirely of markdown files, configuration metadata, and documentation assets.
Audit Metadata