Skills
skills/nesnilnehc/ai-cortex/bootstrap-docs/Gen Agent Trust Hub

bootstrap-docs

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation templates and configuration files from the author's public GitHub repository (github.com/nesnilnehc/project-documentation-template). This is a standard part of the skill's bootstrapping function.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection (Category 8).
  • Ingestion points: Project metadata including project name, description, and technical stack (defined in input_schema and SKILL.md).
  • Boundary markers: The skill uses placeholder replacement logic (e.g., [...] placeholders) but lacks explicit security boundaries for untrusted data interpolation.
  • Capability inventory: The agent is instructed to write files to the docs/ directory and create a VERSION file on the local filesystem.
  • Sanitization: There are no instructions for sanitizing, escaping, or validating the project metadata before it is written into the documentation templates.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 05:42 AM