manual-guide

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from numerous repository locations.
      ◦ Ingestion points: SKILL.md instructs the agent to analyze docs/plans/**/*.md, database/schema/*.sql, src/, app/, and docs/*.
      ◦ Boundary markers: There are no delimiters or instructions to ignore embedded commands within the analyzed documentation or code.
      ◦ Capability inventory: The agent utilizes create_file and apply_patch to modify the repository.
      ◦ Sanitization: No sanitization or validation of content extracted from codebase files is performed.
  • [COMMAND_EXECUTION]: The skill instructs the agent to generate executable code that utilizes unsafe patterns.
      ◦ Evidence: The 'Manual Delivery Requirements' section mandates the creation of /public/user-manuals.php, which is designed to 'dynamically include manual files' via a URL parameter (e.g., ?manual=pos-system). This pattern is a known security anti-pattern that leads to Local File Inclusion (LFI) if the agent does not implement an allow-list or strict path sanitization.
  • [DATA_EXFILTRATION]: The skill accesses sensitive architectural metadata that maps the entire application.
      ◦ Evidence: The 'Contextual Discovery' phase requires scanning database/schema/*.sql to identify database constraints, triggers, and fields. While intended for manuals, this provides the agent with full visibility into the internal data structure, which could be exposed if the agent is manipulated via injection.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 29, 2026, 07:26 PM