doc-sys-autopilot
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several shell commands and local Python scripts located within the project repository, such as ai_dev_ssd_flow/06_SYS/scripts/validate_sys.py and ai_dev_ssd_flow/scripts/update_traceability_matrix.py. It also includes steps to run shell hooks located at ./hooks/pre_sys_generation.sh and ./hooks/post_sys_generation.sh.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its data processing workflow.
  - Ingestion points: It reads architecture decisions, system constraints, and requirements from upstream documents including ADR, BRD, and PRD markdown files in the docs/ directory.
  - Boundary markers: The instructions do not define explicit boundary markers or delimiters to separate the ingested data from the agent's internal logic or templates.
  - Capability inventory: The skill has the capability to execute local scripts and write generated markdown files to the docs/06_SYS/ directory.
  - Sanitization: There is no specified sanitization or validation of the content extracted from the input documents before it is used to populate the system requirements templates.
Audit Metadata