feature-doc-splitter

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user-supplied 'feature notes' to generate technical documentation, which creates a surface for indirect prompt injection.
  • Ingestion points: SKILL.md (Workflow Step 2: 'Read the initial feature note completely').
  • Boundary markers: Absent. There are no instructions for the agent to ignore or delimit potentially malicious instructions embedded within the user's notes.
  • Capability inventory: SKILL.md (Required Output and Workflow Step 8). The agent has the capability to read repository files and write markdown or JSON files to the local file system.
  • Sanitization: Absent. The skill does not specify any filtering or escaping of content extracted from the user's notes before inclusion in documentation.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use standard local development tools for inspecting the codebase and validating changes.
  • Evidence: SKILL.md (Workflow Step 3: 'Use rg and targeted file reads'; Workflow Step 9: 'run at least git diff --check'). These commands are used for legitimate repository maintenance and do not involve network access or privilege escalation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 09:07 AM
Security Audit — agent-trust-hub — feature-doc-splitter