Skills
skills/mdhb2/lean-coding-skills/lcs-doc-finalizer/Gen Agent Trust Hub

lcs-doc-finalizer

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted project data that could contain malicious instructions.
  • Ingestion points: Reads task files (task-###.md), PRD files (prd-enhanced.md), and exploration logs (explore.md) in steps 2 and 4 of the behavior checklist.
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or to ignore potential instructions embedded within the files being processed.
  • Capability inventory: The skill has file-read and file-write access, and the capability to move and delete directories (SKILL.md step 9).
  • Sanitization: None. There is no validation or escaping of the content read from external files before it is used to generate documentation or perform file operations.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform destructive file system operations as part of its workflow.
  • Evidence: Step 9 of the behavior checklist explicitly requires the agent to "delete source folder .lcs/work-items/-/ completely." While intended for project maintenance, this operation relies on paths derived from the project state and task identifiers which could potentially be manipulated.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 03:50 AM
Security Audit — agent-trust-hub — lcs-doc-finalizer