skills/ab300819/skills/devdocs-sync/Gen Agent Trust Hub

devdocs-sync

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform repository status checks (git status, git log, git diff) and to run local test commands defined in the project configuration. These commands are used solely to verify the implementation state and documentation consistency.
  • [PROMPT_INJECTION]: Evaluated for potential indirect prompt injection as the skill reads and processes external code and documentation files. The risk is minimized because the skill operates on local repository data, uses specific pattern-matching logic (e.g., annotations like @satisfies), and requires user confirmation for high-risk updates. Ingestion points include local code and markdown files; capabilities include Bash and file writing; sanitization is performed via pattern validation and mandatory user approval.
  • [SAFE]: The skill adheres to security best practices by explicitly stating it does not execute unknown shell commands and by ensuring that most documentation updates are presented as a report for user approval before being written to disk. No obfuscation, hardcoded credentials, or exfiltration patterns were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 06:08 AM