sync-docs
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses Git commands to identify repository changes and project structure, with validation on dynamic branch names to prevent injection.
- [EXTERNAL_DOWNLOADS]: References the ast-grep tool as an optional dependency and provides a mechanism to suggest its installation to the user.
- [PROMPT_INJECTION]: Analyzes untrusted data from the repository, such as documentation content and commit messages, representing a potential surface for indirect prompt injection; however, no exploitable capabilities were identified.
- [SAFE]: The core functionality of the skill is implemented through local logic and standard tools, maintaining a safe operational profile for its intended purpose.