cs-doc-api

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves reading and processing source code files from the user's project, which constitutes untrusted external data. Malicious instructions placed within code comments or string literals could potentially bypass the agent's intended logic during documentation generation.
  • Ingestion points: Project source code files located within the source_root directory (referenced in Phase 1 and 2 of the workflow).
  • Boundary markers: Absent. The instructions do not define clear delimiters or instruct the agent to ignore potentially adversarial content within the source files.
  • Capability inventory: The agent has the capability to write files to the local filesystem (docs/api/), execute local scripts (validate-yaml.py, search-yaml.py), and use subagents for parallel processing.
  • Sanitization: No sanitization, escaping, or validation logic is specified for the content extracted from source code before it is used in documentation generation.
  • [COMMAND_EXECUTION]: The skill workflow explicitly invokes local Python scripts, specifically validate-yaml.py and search-yaml.py, to validate manifest files and search through project documentation data. These scripts are called as shell commands with arguments (e.g., validate-yaml.py --file docs/api/manifest.yaml --yaml-only).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 12:35 AM
Security Audit — agent-trust-hub — cs-doc-api