Skills
skills/vladm3105/aidoc-flow-framework/doc-sys-fixer/Gen Agent Trust Hub

doc-sys-fixer

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection (Category 8).
  • Ingestion points: Processes audit reports and Architecture Decision Records (ADRs) to automate document fixes.
  • Boundary markers: Instructions do not define clear delimiters or instructions to ignore potentially malicious embedded content within the ingested reports.
  • Capability inventory: The skill has capabilities to create directories, move files (shutil.move), write file content (Path.write_text), and execute local shell commands (sha256sum).
  • Sanitization: No explicit validation or sanitization of the text content extracted from ingested reports is documented before it is used to perform file system operations.
  • [COMMAND_EXECUTION]: The skill documentation includes logic to execute a shell command (sha256sum) to compute hashes of upstream files. This is a local operation intended for drift detection and file integrity validation within the project scope.
  • [SAFE]: The skill's file system operations are restricted to specific project documentation directories and a dedicated archive path, consistent with its stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 04:25 AM
Security Audit — agent-trust-hub — doc-sys-fixer