litho-document-skill

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from external source code repositories, creating a surface for indirect prompt injection attacks. • Ingestion points: Target project files are accessed via read_file, grep_search, codebase_search, and list_files as outlined in references/phase1-preprocessing.md and references/phase2-research.md. • Boundary markers: The instructions do not provide explicit delimiters or instructions for the agent to ignore or isolate executable code or natural language instructions found within the analyzed files. • Capability inventory: The agent has the ability to write and modify files on the local system using write_to_file and replace_in_file to create documentation and manage state in the .litho-agent/ directory. • Sanitization: No sanitization or escaping mechanisms are defined for codebase content before it is interpolated into the generated Markdown documentation or Mermaid diagrams.
  • [COMMAND_EXECUTION]: The skill utilizes file manipulation tools to generate documentation and manage internal state. While these are used for the stated purpose of the skill, they represent a risk if the agent's logic is subverted through malicious content in the analyzed codebase, potentially allowing for the creation or modification of files outside the intended documentation scope.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 11:39 AM
Security Audit — agent-trust-hub — litho-document-skill