awesome-docs

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill allows the user to specify arbitrary documentation roots, including absolute paths (e.g., /path/to/repo/docs_product). If the agent's execution environment does not enforce strict path sandboxing, this could be leveraged to overwrite sensitive system files or configuration files outside the intended project directory.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It explicitly aims to create documentation that a "future AI agent can act on," yet it lacks sanitization or boundary markers for the ingested content.
  • Ingestion points: User-provided content intended for classification into plan/, todo/, experiment/, knowhow/, roadmap/, or the command registry in SKILL.md.
  • Boundary markers: Absent. The skill writes raw user content into Markdown and text files without delimiters or "ignore embedded instructions" headers.
  • Capability inventory: The skill utilizes the agent's ability to create directories and write/append to files across the local filesystem (documented in SKILL.md).
  • Sanitization: Absent. There is no logic to escape control characters or validate the safety of instructions being archived for future execution.
  • [COMMAND_EXECUTION]: The 常用命令.txt registry stores shell commands provided by the user. If an attacker can influence a user (e.g., via a malicious README or PR) to save a command, they can place arbitrary shell instructions into a file that the user or a future agent is likely to execute, creating a staged code execution vector.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:59 PM
Security Audit — agent-trust-hub — awesome-docs