grill-with-docs
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to 'explore the codebase' to resolve questions about the implementation. This typically involves using standard file system exploration tools to read code and documentation files.
- [DATA_EXPOSURE]: The skill reads existing documentation files such as CONTEXT.md, CONTEXT-MAP.md, and ADRs (Architectural Decision Records) to understand the project's domain model and previous decisions. This is restricted to architectural documentation and does not target sensitive configuration or credential files.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by reading existing documentation files in the repository. While this presents a theoretical surface for indirect prompt injection, the skill's capabilities are limited to interviewing the user and updating documentation files, posing no risk of privilege escalation or data exfiltration.
- Ingestion points: Documentation files (CONTEXT.md, CONTEXT-MAP.md, docs/adr/*.md) and general codebase exploration.
- Boundary markers: None explicitly defined in the instructions.
- Capability inventory: File system read/write access (specifically for markdown documentation), user interaction (interviewing).
- Sanitization: No specific sanitization or validation of the ingested markdown content is performed.
Audit Metadata