grill-with-docs
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill uses standard file manipulation tools to read and update documentation and source code as part of its design review workflow.
- [PROMPT_INJECTION]: The skill processes untrusted data from the codebase (e.g., CONTEXT.md, source files) and possesses capabilities including Bash execution and file writing. This represents a potential surface for indirect prompt injection if processed files contain malicious instructions. Ingestion points: Reads CONTEXT.md, docs/adr/, and project source files. Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potential instructions within the read data. Capability inventory: Access to Read, Grep, Glob, Bash, Write, and Edit tools. Sanitization: No input validation or sanitization of file content is specified.
Audit Metadata