Gen Agent Trust Hub security audit: skills/nielsmadan/agentic-coding/doc

Result: Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted documentation files and project instructions that could contain malicious directives.
  • Ingestion points: Documentation files (docs/**/*.md), README files, and the project instructions file (CLAUDE.md) referenced in SKILL.md.
  • Boundary markers: The skill does not define explicit delimiters or instructions to the agent to disregard embedded directives within the files being processed.
  • Capability inventory: File system read and write operations limited to documentation folders. No network operations and no administrative shell command execution were found.
  • Sanitization: No sanitization or validation logic is present to filter out potential instructions from documentation content.
  • Persistence Risk: The skill explicitly notes it may propose edits to CLAUDE.md. If an attacker embeds malicious instructions in project documentation, the agent could be tricked into modifying its own configuration file, leading to persistent behavioral changes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:16 PM