docs-writer
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command to ensure the local '.artifacts' directory is excluded from Git tracking, preventing accidental check-in of generated documentation.
  - Evidence: This instruction is present in references/brief.md, references/design.md, references/prd.md, and references/tdd.md.
  - Command: grep -qxF '.artifacts' .git/info/exclude 2>/dev/null || echo '.artifacts' >> .git/info/exclude
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection, as it ingests untrusted user input during its discovery phase and interpolates it into document templates.
  - Ingestion points: User answers during the adaptive interview process defined in references/discovery.md.
  - Boundary markers: Templates in references/prd.md, references/design.md, and references/tdd.md lack explicit delimiters or instructions to ignore potential commands embedded in user input.
  - Capability inventory: The agent performs file-writing operations to the local .artifacts/docs/ directory.
  - Sanitization: No explicit input validation or escaping mechanisms are defined for processing the gathered requirements before drafting.
Audit Metadata