docs
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from the conversation history and git diffs to update documentation and repository rules.
- Ingestion points: The skill reads the 'current conversation' and 'git changes' (SKILL.md).
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands in the source data are provided.
- Capability inventory: The skill is authorized to perform file-write operations to
dev-docs/*.mdandAGENTS.md(SKILL.md), which define rules for future agent sessions. - Sanitization: No sanitization logic for the ingested content is described before it is persisted to files.
Audit Metadata