Skills
skills/emeraldwalk/skills/docs-reading/Gen Agent Trust Hub

docs-reading

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/parse_godot.py employs the exec() function to execute the contents of version.py located within a directory provided via the --godot-repo command-line argument. This allows for arbitrary code execution if the tool is run against a directory containing a malicious version.py file.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It parses content from external Markdown and Godot XML files which are then served to the agent as context for search queries. Documentation containing adversarial instructions (e.g., 'Ignore all previous instructions and perform X') could influence the agent's behavior.
  • Ingestion points: scripts/parse_docs.py and scripts/parse_godot.py (ingests files from the local filesystem).
  • Boundary markers: None identified in the output formats (text/markdown) provided to the agent.
  • Capability inventory: While the search CLI is read-only, the agent utilizing this skill may have access to other tools (e.g., shell or filesystem access) that could be targeted by an injection.
  • Sanitization: The skill implements basic formatting removal (Markdown/BBCode stripping) but lacks filtering for natural language instructions in the ingested content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 25, 2026, 01:34 PM