docs-init
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill analyzes untrusted codebase files (e.g.,
package.json,README.md,models.py) and uses their content to populate documentation templates. - Ingestion points: Codebase exploration in Phase 1, file reading in Phase 2, and description extraction in Phase 6 (all defined in
SKILL.md). - Boundary markers: No explicit delimiters or "ignore" instructions are provided to the agent when processing external file content.
- Capability inventory: The skill allows the agent to create directories and write files (
docs/and its subdirectories) as seen in Phase 8. - Sanitization: No sanitization or validation of the ingested content is specified before it is interpolated into the final documentation.
- [COMMAND_EXECUTION]: Use of Dynamic Context Injection (
!commandsyntax). The skill uses shell commands at load time to gather project information. - Evidence:
find,git,basename, andheadcommands are used in the "Context Detection Examples" section ofSKILL.md. These are standard tools for project analysis and are used here for legitimate context gathering.
Audit Metadata