doc-tasks-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (sha256sum, sed, yq, grep) to calculate and verify hashes for drift detection. Specifically, it uses commands like sha256sum <file_path> and yq '.<section_name>' <file_path> to process documentation files.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present in the Upstream Drift Detection feature (Check #9). The skill extracts section names and paths from document tags (e.g., @spec:, @tspec:) and interpolates them directly into shell commands. If these tags are modified by an attacker to include shell metacharacters, it could lead to command injection during the review process.
  • Ingestion points: Upstream reference tags (@spec:, @tspec:) and markdown links within TASKS, SPEC, and TSPEC files.
  • Boundary markers: None identified in the instruction for command assembly.
  • Capability inventory: Execution of bash utilities (sha256sum, yq, sed, grep, cut) via the agent's shell capability.
  • Sanitization: No explicit sanitization or validation of extracted paths or section names before shell interpolation is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 04:25 AM
Security Audit — agent-trust-hub — doc-tasks-reviewer