project-docs
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an 'Audit' mode that requires the agent to read and evaluate the contents of every markdown file in the repository. This exposure to untrusted documentation content represents an indirect prompt injection vector where malicious instructions could attempt to subvert the agent's behavior.
  - Ingestion points: The agent processes all `.md` files found in the project directory as part of the auditing workflow described in `SKILL.md` and related rules like `rules/quality-ai-slop.md`.
  - Boundary markers: No specific instruction delimiters or boundary protections are specified to help the agent distinguish between its instructions and the data being audited.
  - Capability inventory: The agent can recommend file deletions, renames, and modifications, although it is constrained from executing them autonomously.
  - Sanitization: The skill includes a mandatory safety rule: 'Never auto-delete. Always surface for user approval first', which serves as a primary mitigation against unauthorized actions initiated by malicious content.
- [COMMAND_EXECUTION]: The rule files contain numerous shell command snippets (utilizing `find`, `grep`, `awk`, `git`) for detecting documentation issues. While these are functional examples, they involve executing logic on local file structures.
  - Evidence: 'Detection' sections in files such as `rules/cleanup-orphans.md` and `rules/lifecycle-freshness.md` provide shell scripts that the agent is expected to use or recommend for file system analysis.
Audit Metadata