knowledge-ops
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The author metadata provided in the skill manifest ('claude-code-skills') is inconsistent with the actual author context ('alirezarezvani'). This discrepancy is deceptive and could mislead users regarding the skill's origin.
- [PROMPT_INJECTION]: The skill is designed to ingest and validate external markdown and JSON files using scripts such as kb_ingester.py and runbook_validator.py. This functionality exposes the agent to an indirect prompt injection surface where malicious content within processed documents could attempt to influence the agent's reasoning or instructions during a documentation review.
- Ingestion points: The scripts kb_ingester.py, runbook_validator.py, and sop_generator.py read content from local files specified by the user.
- Boundary markers: No delimiters or specialized instructions are used to separate the processed file content from the agent's core instructions.
- Capability inventory: The Python scripts are limited to read-only file system operations and stdout reporting. No network or destructive capabilities are implemented.
- Sanitization: While the scripts parse the structure of the documents, the text content is not filtered or sanitized for potential embedded instructions.
- [SAFE]: The provided scripts (kb_ingester.py, runbook_validator.py, sop_generator.py) utilize only the Python standard library and do not require external dependencies, remote downloads, or network access.
Audit Metadata