Skills
skills/nvidia/nemoclaw/update-docs/Gen Agent Trust Hub

update-docs

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git log, git show, and make docs to analyze code changes and build documentation. These are expected commands for a development-focused skill maintaining its own repository history.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external git data.
  • Ingestion points: Data is read from commit messages and diffs using git log and git show as specified in SKILL.md.
  • Boundary markers: There are no explicit markers or instructions to isolate commit content from the agent's primary instructions.
  • Capability inventory: The skill allows shell command execution (via make docs) and file system modifications (via drafting updates).
  • Sanitization: The skill does not perform any validation or sanitization of the commit content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 04:30 AM
Security Audit — agent-trust-hub — update-docs