test-specs-docs
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is instructed to ingest and process data from external files (specifically Section 15 of feature documents) and use that data to perform file system operations.
- Ingestion points: The skill reads content from
docs/business-features/{App}/detailed-features/and various module READMEs to perform synchronization tasks. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between data and potential instructions within the feature docs it processes.
- Capability inventory: The skill has access to powerful tools including
Write,Edit, andBash, which could be exploited if malicious instructions are embedded in the documents being synced. - Sanitization: There is no evidence of content validation, escaping, or filtering for the data gathered from external feature documents before it is used in subsequent tasks.
Audit Metadata