The Agent Skills Directory

[SAFE]: The skill's primary function is to generate documentation (OpenAPI 3.0) by scanning the local codebase for route definitions. All analysis and file generation occur locally using the agent's standard file-handling tools.
[SAFE]: No network tools are requested in the allowed-tools list, and the URLs found in the templates (e.g., http://localhost:3000, https://api.example.com) are standard documentation placeholders.
[SAFE]: The skill does not execute external scripts or download third-party dependencies. It uses a local template file (templates/openapi-3.0.yaml) to structure its output.
[PROMPT_INJECTION]: Potential attack surface for indirect prompt injection exists because the skill processes untrusted local source code (Category 8). 1. Ingestion points: Reads codebase via Grep, Glob, and Read tools as defined in SKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded instructions in code comments are provided. 3. Capability inventory: Write and Edit tools are used to save documentation files to the project directory. 4. Sanitization: No specific sanitization logic for content found in code comments or docstrings is described. The risk is assessed as negligible because the output format is structured YAML for documentation and the skill lacks network or code execution tools.

api-documentation-generator