docs-check
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill employs dynamic context injection via the '!' syntax in 'references/verification-patterns.md' to execute reconnaissance shell commands like 'ls', 'find', and 'git log' during skill initialization. These commands are restricted to documentation-related paths and serve to populate the agent's context with file metadata and project history.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from documentation files in the 'docs/' directory. It instructs agents to 'verify EVERY claim' found within these documents. While this creates a potential attack surface if documentation contains malicious instructions, the skill's impact is limited by its use of read-only analysis tools and its specific focus on verification logic. (Evidence: 1. Ingestion points: 'docs/' directory; 2. Boundaries: absent; 3. Capability inventory: 'Read', 'Grep', 'Glob', 'Bash', 'Task'; 4. Sanitization: absent).
Audit Metadata