feature-doc-splitter
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-supplied 'feature notes' to generate technical documentation, which creates a surface for indirect prompt injection.
- Ingestion points: SKILL.md (Workflow Step 2: 'Read the initial feature note completely').
- Boundary markers: Absent. There are no instructions for the agent to ignore or delimit potentially malicious instructions embedded within the user's notes.
- Capability inventory: SKILL.md (Required Output and Workflow Step 8). The agent has the capability to read repository files and write markdown or JSON files to the local file system.
- Sanitization: Absent. The skill does not specify any filtering or escaping of content extracted from the user's notes before inclusion in documentation.
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard local development tools for inspecting the codebase and validating changes.
- Evidence: SKILL.md (Workflow Step 3: 'Use
rgand targeted file reads'; Workflow Step 9: 'run at leastgit diff --check'). These commands are used for legitimate repository maintenance and do not involve network access or privilege escalation.
Audit Metadata