docs-writer
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands (e.g.,
grep,ls,find) by interpolating user-provided feature names directly into the command strings. This creates a surface for shell command injection if the input is not sanitized by the platform. - [COMMAND_EXECUTION]: The skill utilizes dynamic execution of Python snippets (
python3 -c) via the Bash tool to parse and manipulate local JSON configuration schemas during the research phase. - [DATA_EXFILTRATION]: The skill is configured to read sensitive codebase files, including Go backend handlers and configuration schemas, while also having access to outbound network tools like
WebFetchandWebSearch. This combination creates a technical capability for data exfiltration if the agent is misdirected. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of ingesting and processing untrusted data.
- Ingestion points: Data enters the agent context from external websites via
WebFetch, library documentation viamcp__context7__query-docs, and existing local MDX documentation. - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious instructions embedded within the researched materials.
- Capability inventory: The skill has broad capabilities including file system modification (
Write,Edit), shell execution (Bash), and task management. - Sanitization: There is no specified logic to sanitize or validate external content before it is used to generate or review documentation.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch external documentation and search the web using
WebFetch,WebSearch, and specialized MCP tools for library resolution.
Audit Metadata