skills/grafana/tempo/docs-review/Gen Agent Trust Hub

docs-review

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the Vale prose linter (vale.sh) and configuration files within the Grafana 'writers-toolkit' repository on GitHub. These are standard resources for documentation workflows and are hosted on official or well-known domains.
  • [PROMPT_INJECTION]: The skill processes documentation content which constitutes an indirect prompt injection surface.
  • Ingestion points: Document files are read via the Read tool as part of the review steps defined in SKILL.md.
  • Boundary markers: The instructions do not define explicit delimiters or instructions to prevent the agent from following commands potentially embedded in the reviewed documentation.
  • Capability inventory: The agent uses Bash, Read, and Grep to perform analysis and execute development tools.
  • Sanitization: There is no mentioned process for sanitizing documentation content before it is read by the agent.
  • [COMMAND_EXECUTION]: The skill executes the vale command-line tool via the Bash tool to perform automated linting on documentation files based on provided paths.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 11:13 AM
Security Audit — agent-trust-hub — docs-review