mend-docs
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest metadata (names and descriptions) from various source files and embed them into core documentation files like README.md and CONTRIBUTING.md. This data flow could be exploited if an attacker provides a malicious skill or agent definition containing instructions that are then propagated to public documentation or the agent's context.
- Ingestion points: Extracts metadata from all files matching .claude/skills/**/*.md and agent definitions in .claude/agents/.
- Boundary markers: Uses HTML comments (e.g., ) as delimiters for content insertion in target documentation files.
- Capability inventory: Requires the ability to perform recursive file system reads and direct writes to documentation files within the workspace.
- Sanitization: Absent; the instructions do not include any steps for validating, escaping, or filtering the extracted metadata before it is interpolated into the final documentation output.