docs-writer

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflows in brief.md, design.md, prd.md, and tdd.md include a static shell command (grep -qxF '.artifacts' .git/info/exclude || echo '.artifacts' >> .git/info/exclude) to ensure the local .artifacts directory is ignored by Git. This is a common project hygiene practice and does not involve user-supplied arguments.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user input during the 'Discovery' phases to populate document templates. This represents an inherent attack surface for indirect prompt injection.
  • Ingestion points: User responses gathered during the interview workflows defined in discovery.md, prd.md, design.md, and tdd.md.
  • Boundary markers: The skill employs structured Markdown templates using {{placeholder}} syntax to separate instructions from generated content.
  • Capability inventory: The skill possesses the ability to read and write files within the project directory (specifically under .artifacts/docs/) and execute a static shell command for Git configuration.
  • Sanitization: The skill includes a dedicated quality.md gate and a 'Synthesis' phase that requires explicit user confirmation of the extracted information before final documents are drafted.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 05:09 PM
Security Audit — agent-trust-hub — docs-writer