doc-smith-check
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts (e.g.,
check-structure.mjs,check-content.mjs) to perform its validation logic. These scripts interact with the filesystem to read, write, and delete files, but operations are strictly scoped to the.aigne/doc-smithsubdirectory within the current working directory. - [EXTERNAL_DOWNLOADS]: The
validate-content.mjsscript performs network requests using thefetchAPI. These are restricted toHEADrequests used specifically to verify the availability of remote images referenced in the documentation. A timeout and custom User-Agent are implemented for these checks. - [DATA_EXFILTRATION]: No evidence of sensitive data exfiltration was found. File access is limited to the documentation workspace, and network operations are limited to connectivity checks for external image URLs found in content.
- [PROMPT_INJECTION]: The skill metadata contains internal-only usage instructions but does not include patterns aimed at bypassing AI safety filters or overriding system instructions.
- [SAFE]: The skill implements security best practices such as path traversal prevention (checking for
..in relative paths) and restricting destructive operations (file deletion) to directories recognized by the project's structure configuration.
Audit Metadata