docs-updater
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external data such as git commit messages and existing documentation content.
  - Ingestion points: Untrusted data enters the context through git log output (commit messages) and file reads (README.md, CHANGELOG.md) in Phases 2 and 4.
  - Boundary markers: The skill implements a 'Present Changes for Review' phase (Phase 7), which serves as a manual boundary where users must approve proposed modifications.
  - Capability inventory: The skill utilizes Bash for analysis and Write/Edit tools for file modifications across the repository.
  - Sanitization: No automated sanitization is performed on commit messages; the skill relies on the user's manual review to catch unexpected or malicious content.
Audit Metadata