The Agent Skills Directory

[SAFE]: The skill's primary function is to read source code and generate documentation files in Markdown and JSON formats. It does not perform any unauthorized network requests, credential harvesting, or system modifications.
[DATA_EXPOSURE]: The skill analyzes source code provided by the user to extract API definitions. This behavior is consistent with its stated purpose. There are no instructions to access or exfiltrate sensitive system files such as SSH keys, cloud provider configurations, or environment variables containing real credentials.
[PROMPT_INJECTION]: The instructions in SKILL.md are task-oriented and focus on workflow steps for documentation generation. No patterns associated with jailbreaking, ignoring previous instructions, or bypassing safety filters were detected.
[INDIRECT_PROMPT_INJECTION]: The skill processes source code (untrusted input) to generate documentation. While this creates a theoretical surface for indirect injection (e.g., via malicious docstrings), the skill's capabilities are limited to producing text-based documentation and do not include high-risk actions like executing code or making network calls based on the ingested content.
[REMOTE_CODE_EXECUTION]: The skill does not download or execute any external scripts or binaries. The example commands generated (like curl examples) are for documentation purposes and are not executed by the agent on the host system.

api-doc-generator