skills/mgiovani/skills/inject-docs/Gen Agent Trust Hub

inject-docs

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources to update project documentation.
      • Downloads version-specific documentation from Vercel's servers using the official @next/codemod package.
      • Fetches the README and best practices guide from the zhanymkanov/fastapi-best-practices repository on GitHub via network tools like curl.
  • [COMMAND_EXECUTION]: The skill performs shell-based operations to detect project environments and apply changes.
      • Executes npx @next/codemod@canary agents-md to process Next.js documentation.
      • Reads project configuration files including package.json, pyproject.toml, and requirements.txt to auto-detect frameworks.
      • Writes and appends content to local files such as CLAUDE.md, AGENTS.md, and .gitignore.
  • [INDIRECT_PROMPT_INJECTION]: The skill implements a workflow that ingests data from untrusted or external sources and writes it to a control file (CLAUDE.md) used to instruct AI agents.
      • Ingestion points: Fetches content from Vercel's external servers and a third-party GitHub repository.
      • Boundary markers: The instructions do not specify the use of clear delimiters or 'ignore embedded instructions' warnings for the injected content.
      • Capability inventory: The skill has the capability to execute shell commands via npx and perform file-system writes across the project root.
      • Sanitization: There is no explicit logic described for sanitizing or escaping the fetched documentation before it is appended to the project's primary instruction file.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 04:32 PM