docs-audit

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE (finding tags: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [SAFE]: The skill uses localized CSV files for intent routing and playbook selection, which maintains a clean separation of concerns and limits arbitrary file access. Sources listed in skill.json for grounding include well-known and trusted entities like Cloudflare, Anthropic, Stripe, and the W3C.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to audit user-provided documentation (READMEs, API references, help content). An attacker could potentially embed malicious instructions within these documents to influence the audit outcome or report generation. Ingestion points: Target documentation provided by the user for auditing. Boundary markers: None explicitly implemented to isolate user content from the skill's instructions. Capability inventory: Generates markdown reports (audit-report.md, debug-runbook.md); no network or destructive file system access. Sanitization: No explicit sanitization of input text is performed.
  • [COMMAND_EXECUTION]: The skill includes a shell script (evals/run-static-checks.sh) that executes local Python and shell commands to perform static analysis on the skill's structure. This is a development-time utility used for validation and does not interact with untrusted user input at runtime.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 09:38 PM
Security Audit — agent-trust-hub — docs-audit