meta-docs

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions in SKILL.md to download and execute an installation script for the uv package manager from the astral.sh domain.
  • [COMMAND_EXECUTION]: The doc_manager.py script executes the git config command via a subprocess to retrieve the user.name and user.email for documentation metadata.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external markdown files.
      • Ingestion points: File content is read through the read command and handled by the handle_read function in doc_manager.py.
      • Boundary markers: The script outputs the raw body of the documents without using delimiters or warning the agent about embedded instructions.
      • Capability inventory: The skill has the capability to search, read, create, and update files within the docs directory.
      • Sanitization: No sanitization, escaping, or validation is performed on the content retrieved from or written to the markdown files.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 20, 2026, 03:20 PM