compound-docs

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests user-provided information such as problem descriptions, root causes, and categories to generate documentation. While it includes references to security best practices (e.g., 'Never Trust User Input' in critical-patterns.md), the skill instructions in SKILL.md do not explicitly mandate that the agent sanitize these inputs before they are interpolated into file paths or bash command templates.
      • Ingestion points: Data gathered for problem, root cause, and category fields in SKILL.md.
      • Boundary markers: None explicitly defined in the bash execution context.
      • Capability inventory: The skill uses the 'Bash' tool to move files and execute a local CLI tool.
      • Sanitization: None specified for the placeholders used in the bash scripts.
  • [COMMAND_EXECUTION]: The skill uses a bash template to execute a local command-line utility for promoting learnings to a global knowledge base. The script relies on environment variables (e.g., $LEARNINGS_HOME) and placeholders ([category], [filename]) which are intended to be replaced by the agent at runtime. This represents a standard functional pattern for this type of utility.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 09:05 AM