md-docs
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted data from the project codebase (e.g., configuration files, READMEs, source code) to inform documentation generation and verification without sufficient isolation.
  - Ingestion points: Project files such as AGENTS.md, package.json, pyproject.toml, and README are read across workflows (SKILL.md, references/update-readme.md).
  - Boundary markers: The skill lacks explicit instructions or delimiters to the agent to ignore potentially malicious instructions embedded within the files being analyzed.
  - Capability inventory: The skill includes capabilities to execute shell commands (mv, cp, ln) and specifically directs the agent to run project-defined build, test, and lint commands (SKILL.md).
  - Sanitization: There is no evidence of sanitization or filtering applied to content extracted from untrusted project files before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute arbitrary build and test commands discovered within the project's metadata files to verify documentation correctness. This behavior, while functional, allows for the execution of code defined in the target repository.
Audit Metadata