documentation
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious code, prompt injection, or obfuscation detected across the 9 files.
- [COMMAND_EXECUTION] (LOW): The script
scripts/generate_feature.pyperforms local filesystem operations, including directory creation (pathlib.Path.mkdir) and file writing (pathlib.Path.write_text). These actions are consistent with the skill's stated purpose of automating documentation generation and use safe standard library modules. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill creates a surface for indirect prompt injection as it ingests user-provided text (descriptions) and interpolates them into markdown files without sanitization. While these files are intended for human and agent consumption, they do not currently target exploitable downstream capabilities within this specific skill context.
- Ingestion points: CLI arguments in
scripts/generate_feature.py(feature name, description). - Boundary markers: None present in generated markdown output.
- Capability inventory: Local file writing via
pathlib. - Sanitization: Kebab-case validation is performed on path components, but no escaping is applied to the description text body.
Audit Metadata