project-docs-sync
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill automatically propagates changes from source documentation files to other project documents, creating a surface for indirect prompt injection.
- Ingestion points: Reads content from markdown files within the
project-management/directory, which may contain untrusted user input or external data. - Boundary markers: Absent. The logic does not define clear delimiters or specific instructions to the agent to ignore potentially malicious embedded instructions within the document content being processed.
- Capability inventory: Uses the
WriteandEdittools to modify project files (e.g.,ARCHITECTURE.md,SPECIFICATIONS.md). - Sanitization: Absent. The current implementation relies on keyword-based classification and does not explicitly sanitize or escape the content being moved between files.
- [SAFE]: No hardcoded credentials, malicious network operations, or unauthorized privilege escalation attempts were detected. The use of local state storage in
.meta/last-sync.jsonis a standard practice for tracking sync status.
Audit Metadata