litho-document-skill
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from external source code repositories, creating a surface for indirect prompt injection attacks. • Ingestion points: Target project files are accessed via read_file, grep_search, codebase_search, and list_files as outlined in references/phase1-preprocessing.md and references/phase2-research.md. • Boundary markers: The instructions do not provide explicit delimiters or instructions for the agent to ignore or isolate executable code or natural language instructions found within the analyzed files. • Capability inventory: The agent has the ability to write and modify files on the local system using write_to_file and replace_in_file to create documentation and manage state in the .litho-agent/ directory. • Sanitization: No sanitization or escaping mechanisms are defined for codebase content before it is interpolated into the generated Markdown documentation or Mermaid diagrams.
- [COMMAND_EXECUTION]: The skill utilizes file manipulation tools to generate documentation and manage internal state. While these are used for the stated purpose of the skill, they represent a risk if the agent's logic is subverted through malicious content in the analyzed codebase, potentially allowing for the creation or modification of files outside the intended documentation scope.
Audit Metadata