feature-docs
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently uses shell commands such as git diff, find, ls, and grep to perform codebase discovery and gather documentation evidence. There is a risk of command injection if the agent processes filenames or paths containing shell metacharacters (e.g., from git diff --name-only) and executes them within shell environments without strict sanitization.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core workflow involves reading and summarizing external data from the project repository.
  - Ingestion points: The agent reads source code (entities, commands, queries, controllers), existing documentation files in the docs/ folder, and git change histories.
  - Boundary markers: The instructions do not define boundary markers or delimiters to separate the skill's operational instructions from the content being read from the files, increasing the risk that the agent may follow instructions embedded in code comments or documentation.
  - Capability inventory: The agent is granted Write, Edit, and Bash capabilities, which could be maliciously leveraged if an attacker embeds instructions in the project files to modify other parts of the system or execute unintended commands.
  - Sanitization: No sanitization or validation logic is defined for the content extracted from the codebase before it is used to generate or update documentation.
Audit Metadata