awesome-docs
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill allows the user to specify arbitrary documentation roots, including absolute paths (e.g.,
/path/to/repo/docs_product). If the agent's execution environment does not enforce strict path sandboxing, this could be leveraged to overwrite sensitive system files or configuration files outside the intended project directory. - [PROMPT_INJECTION]: The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It explicitly aims to create documentation that a "future AI agent can act on," yet it lacks sanitization or boundary markers for the ingested content.
- Ingestion points: User-provided content intended for classification into
plan/,todo/,experiment/,knowhow/,roadmap/, or the command registry inSKILL.md. - Boundary markers: Absent. The skill writes raw user content into Markdown and text files without delimiters or "ignore embedded instructions" headers.
- Capability inventory: The skill utilizes the agent's ability to create directories and write/append to files across the local filesystem (documented in
SKILL.md). - Sanitization: Absent. There is no logic to escape control characters or validate the safety of instructions being archived for future execution.
- [COMMAND_EXECUTION]: The
常用命令.txtregistry stores shell commands provided by the user. If an attacker can influence a user (e.g., via a malicious README or PR) to save a command, they can place arbitrary shell instructions into a file that the user or a future agent is likely to execute, creating a staged code execution vector.
Audit Metadata