api-documentation-verify
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process the contents of various files within a repository which may contain untrusted data.
- Ingestion points: The skill discovers and reads documentation files (e.g.,
.md,README,DOCS,API) and referenced source code files to extract and verify technical claims. - Boundary markers: The instructions do not define boundary markers or delimiters to isolate untrusted file content, nor do they instruct the agent to ignore any embedded instructions found within those files.
- Capability inventory: The skill leverages file search (
find) and read capabilities. It performs text extraction and comparison but does not exhibit capabilities for executing analyzed code or performing network operations. - Sanitization: There is no mention of sanitizing or validating the contents of the files before they are processed by the agent for verification purposes.
Audit Metadata