documentation-writer

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process content from source code and configuration files. \n
  • Ingestion points: The agent reads implementation code, tests, examples, and configuration files (SKILL.md). \n
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its core instructions and content found in the repository files. \n
  • Capability inventory: The agent has the authority to modify files, implement code changes, and execute repository build and validation commands (SKILL.md). \n
  • Sanitization: There are no instructions to sanitize or validate data extracted from external source files before it is used by the agent. \n- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute repository-specific build, type-checking, and formatting commands. This provides a capability to run shell commands defined in the local environment's configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 11:55 PM
Security Audit — agent-trust-hub — documentation-writer