ln-160-docs-skill-extractor
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted content from project documentation (docs//*.md, tests/manual//*) to generate command files, presenting an indirect prompt injection surface. A malicious document could attempt to influence the logic of the generated commands.\n
- Ingestion points: Scans markdown documentation and test files (SKILL.md Phase 1).\n
- Boundary markers: Employs procedural classification scoring (references/procedural_extraction_rules.md) but does not define explicit prompt delimiters for ingested content.\n
- Capability inventory: Orchestrates the creation of executable markdown files under the .claude/commands/ directory.\n
- Sanitization: Implements a mandatory Phase 3 User Approval Gate, requiring explicit confirmation of the extraction plan before delegating file creation to worker skills.- [COMMAND_EXECUTION]: The skill is designed to create executable command files in the project's command directory. This behavior is the intended primary functionality described in the skill documentation.
Audit Metadata