audit-docs-delegation
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes the contents of potentially untrusted local files including SKILL.md and memory files.
- Ingestion points: Discovers and reads markdown files in plugins and project-level .claude/ directories.
- Boundary markers: The instructions do not define delimiters or markers to ensure the subagent ignores instructions embedded within the data it audits.
- Capability inventory: The skill utilizes Bash, Read, and Task tools, and spawns a subagent (docs-delegation-auditor) to perform the analysis.
- Sanitization: There is no explicit sanitization or escaping of the content read from external files before it is processed by the subagent. If these files contain malicious instructions, they could influence the agent's behavior during the audit process.
Audit Metadata