repo-docs-align

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Python utility scripts/new_repo_docs_align_artifact.py to manage its internal working directory (.agents/). This script uses subprocess.run to invoke the git check-ignore command. The implementation is safe as it passes arguments as a list and does not use a shell environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes potentially untrusted data from the repository (e.g., doc comments, README, AGENTS.md, ADRs) to generate documentation updates.
    • Ingestion points: AGENTS.md, README.md, ADRs, specs, doc comments, and runbooks as specified in the Workflow section of SKILL.md.
    • Boundary markers: The skill does not define specific delimiters or instructions to the LLM to treat the ingested repository content as untrusted data.
    • Capability inventory: The skill has permissions to write and edit repository files (Workflow Step 7) and can spawn sub-agents for further exploration (as described in references/subagent-orchestration.md).
    • Sanitization: There is no evidence of sanitization or filtering of the content read from the repository before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 08:36 PM