Skills
skills/eljun/workflow-skills/document/Gen Agent Trust Hub

document

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from project files.
  • Ingestion points: The skill reads primary sources from docs/task/{ID}-{task-name}.md and docs/testing/{ID}-{task-name}.md to determine documentation content.
  • Boundary markers: No boundary markers or instructions to ignore embedded commands within the ingested files are present.
  • Capability inventory: The skill has the capability to write to critical project files like CLAUDE.md, LEARNINGS.md, and TASKS.md, as well as creating new documentation files.
  • Sanitization: There is no evidence of sanitization or validation of the content read from the task or testing documents.
  • [COMMAND_EXECUTION]: The skill executes shell commands to inspect the state of the repository.
  • Evidence: Uses git diff --name-only main...HEAD to identify file changes and cross-reference them against the task document.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 02:19 AM