writing
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed to assist with documentation tasks by leveraging local project files and pre-defined templates. Its operations are transparent and strictly limited to the local development environment.
- [COMMAND_EXECUTION]: The skill uses git log to retrieve historical context and the open command to preview generated HTML reports. These functions are part of a standard development workflow and do not pose a security risk in this context.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests project files and git logs to generate documentation. Ingestion points: reads source code, git history, and existing docs. Boundary markers: none specified in instructions. Capability inventory: file system access and basic shell commands (git, open). Sanitization: no explicit validation of ingested text.
Audit Metadata