Skills
skills/microsoft/apm/docs-impact-localizer/Gen Agent Trust Hub

docs-impact-localizer

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Command Execution Surface]: The skill uses the gh (GitHub CLI) tool to perform gh pr diff operations. This is a standard and expected functionality for a tool intended to automate documentation updates based on code changes.\n- [Indirect Prompt Injection Surface]: The skill processes untrusted content from documentation pages and pull request diffs to generate instructions for downstream verification tools.\n
  • Ingestion points: Ingests content from documentation files (paths in scope_pages[]) and the PR diff (SKILL.md).\n
  • Boundary markers: The instructions do not implement specific boundary markers or "ignore instructions" directives for the data being analyzed.\n
  • Capability inventory: The skill utilizes shell commands (gh pr diff) and generates verification commands (e.g., grep, apm install --help) that are passed to other agent components for execution (SKILL.md).\n
  • Sanitization: No specific sanitization procedures are described for the data ingested before it is incorporated into the output task brief.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:20 PM
Security Audit — agent-trust-hub — docs-impact-localizer