document-generate
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill researches and processes untrusted codebase data (source code, tests, documentation) to generate new content, which is a standard surface for indirect prompt injection.
- Ingestion points: Reads project implementation files, tests, READMEs, and configuration files during the 'Codebase Archaeology' phase (Step 1).
- Boundary markers: No specific delimiters or 'ignore embedded instructions' directives are used when interpolating ingested code into the model's context.
- Capability inventory: The skill has access to powerful tools including 'Bash', 'Write', 'Edit', and 'AskUserQuestion'.
- Sanitization: The skill does not describe any validation or sanitization of the content read from the codebase before it is processed.
- [DYNAMIC_EXECUTION]: The preamble uses
evalandsourceto execute shell code dynamically generated by local gstack utility binaries (e.g.,gstack-slugandgstack-repo-mode). This is a common pattern in the gstack ecosystem for environment and session management. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill includes telemetry logging and an 'Artifacts Sync' feature capable of pushing data to a remote repository. These behaviors are transparently implemented as features of the toolset and are gated by user permission via interactive prompts.
Audit Metadata