docs-writer
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions require the agent to read content from the
packages/anddocs/directories, creating a vulnerability to indirect prompt injection from codebase content.\n - Ingestion points: File reading operations are performed on the codebase and documentation files (
SKILL.md).\n - Boundary markers: No explicit markers or instructions are provided to the agent to distinguish between content to be processed and instructions to be followed.\n
- Capability inventory: The agent has access to file modification tools (
replace,write_file) and can propose shell command execution (SKILL.md).\n - Sanitization: Content from the ingested files is not sanitized or validated before being used in the agent's context.\n- [COMMAND_EXECUTION]: The skill directs the agent to offer the execution of
npm run formatto the user after completing documentation tasks (SKILL.md), which involves shell command invocation.
Audit Metadata