mkdocs
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform core documentation tasks such as installing packages via pip, building static sites (
mkdocs build), starting development servers (mkdocs serve), and executing deployment workflows (mkdocs gh-deploy,aws s3 sync). These commands are consistent with the skill's purpose as a documentation management tool. - [EXTERNAL_DOWNLOADS]: Instructions include downloading and installing various well-known Python packages from the official Python Package Index (PyPI). This includes the core MkDocs generator, the Material for MkDocs theme, and numerous plugins for search, API documentation, and site optimization.
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the D2 diagramming tool CLI by downloading and executing a script from its official domain (d2lang.com). This is a common pattern for installing system-level developer tools.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes user-provided Markdown files to generate the final documentation site.
- Ingestion points: The agent is instructed to read content from the
docs/directory using the Read and LS tools (SKILL.md). - Boundary markers: No explicit delimiter or instruction-bypass warnings are used when processing the documentation files.
- Capability inventory: The skill allows the execution of Bash commands for building, previewing, and deploying content based on the processed documentation.
- Sanitization: The skill relies on the internal parsing logic of MkDocs and its extensions; no additional sanitization of the ingested content is specified.
Audit Metadata