docs-writer
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The workflows in
brief.md,design.md,prd.md, andtdd.mdinclude a static shell command (grep -qxF '.artifacts' .git/info/exclude || echo '.artifacts' >> .git/info/exclude) to ensure the local.artifactsdirectory is ignored by Git. This is a common project hygiene practice and does not involve user-supplied arguments. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user input during the 'Discovery' phases to populate document templates. This represents an inherent attack surface for indirect prompt injection.
- Ingestion points: User responses gathered during the interview workflows defined in
discovery.md,prd.md,design.md, andtdd.md. - Boundary markers: The skill employs structured Markdown templates using
{{placeholder}}syntax to separate instructions from generated content. - Capability inventory: The skill possesses the ability to read and write files within the project directory (specifically under
.artifacts/docs/) and execute a static shell command for Git configuration. - Sanitization: The skill includes a dedicated
quality.mdgate and a 'Synthesis' phase that requires explicit user confirmation of the extracted information before final documents are drafted.
Audit Metadata