skills-docs
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes a build pipeline that utilizes a custom, 'hand-rolled' YAML parser (scripts/generate-skills.ts) to transform documentation into prose for LLMs. The documentation explicitly notes that this parser has significant limitations and 'silently produces wrong output' when encountering unsupported YAML syntax (such as multi-line strings, comments, or deep nesting). This behavior represents a surface for indirect prompt injection (schema confusion), as malformed input in source files could lead to the unintended injection of instructions into the prose-based skills consumed by an AI agent.
  - Ingestion points: Processes markdown source files and YAML frontmatter in the skills/skills/ directory.
  - Boundary markers: No specific boundary markers or sanitization logic are mentioned for the generated prose output.
  - Capability inventory: The system includes scripts to generate files and push them to a remote repository.
  - Sanitization: The documentation acknowledges the parser's lack of robustness and its potential to fail silently without validation.
- [COMMAND_EXECUTION]: The authoring workflow directs users or agents to execute local repository scripts, including npx tsx scripts/generate-skills.ts and ./scripts/push-skills. These scripts perform data transformation and network operations (pushing to a remote server) as part of the intended content management and publishing workflow for the Editframe platform.
Audit Metadata