map-docs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted external content from documentation websites via WebFetch. This content is used to plan and structure future agent skills, presenting a 'multi-step chain' attack surface where poisoned documentation could lead the agent to generate insecure or malicious code in subsequent tasks.
- Ingestion points: Documentation URLs fetched via WebFetch in Step 1.
- Boundary markers: Absent. The instructions do not specify delimiters for the fetched content.
- Capability inventory: Internal influence and reasoning; the output informs the planning of 'Claude Code skills'.
- Sanitization: Absent. There is no validation or filtering of the content returned by WebFetch.
Audit Metadata