index-knowledge
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it ingests untrusted content from the repository, such as source code comments (e.g., 'DO NOT', 'NEVER') and existing 'AGENTS.md' files, to derive project rules and behavior.
  - Ingestion points: Reads existing documentation (AGENTS.md, CLAUDE.md) and repository source files during discovery.
  - Boundary markers: Absent. No delimiters or warnings are used to isolate untrusted content from the generation instructions.
  - Capability inventory: The skill possesses access to bash command execution, sub-agent spawning (via Task calls), and filesystem write operations.
  - Sanitization: None. Ingested data is used directly to derive project rules and influence generated documentation content.
- [COMMAND_EXECUTION]: Employs standard shell commands (find, awk, sed, wc) to analyze project directory structure, calculate file complexity, and identify code patterns. These operations are used for legitimate repository discovery and do not involve sensitive system file access or privilege escalation.