doc-consolidation
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untracked markdown files as its primary data source. An attacker could place malicious instructions inside a markdown report that the agent might inadvertently follow during the analysis or merge phases.
- Ingestion points: Processes untracked markdown files identified via git status across the workspace.
- Boundary markers: The skill uses standard markdown headers to segment content but lacks specific instructions to ignore potentially malicious embedded commands within those segments.
- Capability inventory: The skill has permissions to create directories, write to arbitrary paths in the repository, and delete files using the unlink operation.
- Sanitization: The logic includes structure-based validation but does not perform content-based sanitization for adversarial instructions.
- [COMMAND_EXECUTION]: The skill executes shell commands, specifically git status --porcelain, to detect candidate files for consolidation. This is a documented part of the workflow and is used to manage the local environment.
Audit Metadata